IPTables, TOR, Transparent proxy. Why refused?
I'm doing transparent redirection of traffic to the Tor network on a router (Debian).
Tor itself works on the router: if you connect to it as SOCKS5, everything opens.
You can also connect to the hidden service from the Tor network.
In the /etc/tor/torrc config:
TransPort 9040
DNSPort 127.0.0.1:5300
VirtualAddrNetworkIPv4 172.16.0.0/12
AutomapHostsOnResolve 1
ExcludeExitNodes {RU}
HiddenServiceDir /var/lib/tor/sergey/
HiddenServicePort 22 127.0.0.1:22
root@debian:/var/log# netstat -ntap|grep LIST|grep tor
tcp 0 0 127.0.0.1:9040 0.0.0.0:* LISTEN 4271/tor
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 4271/tor
#!/bin/sh
# flush filter and nat tables, accept everything by default
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# log and redirect LAN (br0) TCP traffic for the automapped .onion range to Tor's TransPort
iptables -t nat -A PREROUTING -i br0 -p tcp -d 172.16.0.0/12 -j LOG --log-prefix "REDIRECT to tor: "
iptables -t nat -A PREROUTING -i br0 -p tcp -d 172.16.0.0/12 -j REDIRECT --to-ports 9040
# NAT everything else out of the WAN interface
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# curl -v http://flibustahezeous3.onion/
* Trying 172.18.168.66...
* connect to 172.18.168.66 port 80 failed: В соединении отказано
* Trying febd:6df4:bc82:357d:c8f0:a28:bfbb:7964...
* Immediate connect fail for febd:6df4:bc82:357d:c8f0:a28:bfbb:7964: Недопустимый аргумент
* Trying febd:6df4:bc82:357d:c8f0:a28:bfbb:7964...
* Immediate connect fail for febd:6df4:bc82:357d:c8f0:a28:bfbb:7964: Недопустимый аргумент
* Failed to connect to flibustahezeous3.onion port 80: В соединении отказано
* Closing connection 0
curl: (7) Failed to connect to flibustahezeous3.onion port 80: В соединении отказано
Sep 2 14:36:19 debian kernel: [ 2936.037786] REDIRECT to tor: IN=br0 OUT= MAC=bc:5f:f4:de:c9:28:10:0b:a9:2f:b8:44:08:00 SRC=192.168.143.12 DST=172.18.168.66 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18431 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
root@debian:/var/log# tcpdump -i any net 172.16.0.0/12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
14:39:54.221000 IP 192.168.143.12.57528 > 172.18.168.66.http: Flags [S], seq 914463515, win 29200, options [mss 1460,sackOK,TS val 10980812 ecr 0,nop,wscale 7], length 0
14:39:54.221000 IP 192.168.143.12.57528 > 172.18.168.66.http: Flags [S], seq 914463515, win 29200, options [mss 1460,sackOK,TS val 10980812 ecr 0,nop,wscale 7], length 0
14:39:54.221034 IP 172.18.168.66.http > 192.168.143.12.57528: Flags [R.], seq 0, ack 914463516, win 0, length 0
14:39:54.221037 IP 172.18.168.66.http > 192.168.143.12.57528: Flags [R.], seq 0, ack 1, win 0, length 0
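The following script is an added example, not part of the question or the poster's files. It checks the listener evidence in the question (the netstat output) against where a REDIRECTed packet actually lands, and prints a torrc and iptables fragment that binds Tor on the LAN side. The br0 address 192.168.143.1 is an assumption; the client address 192.168.143.12, the ports and the automap range are taken from the question.

```shell
#!/bin/sh
# Added example (not the questioner's code). Explains the RST seen in tcpdump:
# REDIRECT in nat/PREROUTING rewrites the destination to the primary address of
# the interface the packet arrived on (br0), not to 127.0.0.1. A socket bound only
# to 127.0.0.1:9040 is therefore not listening where the redirected SYN lands, and
# the kernel answers with RST, which curl reports as "connection refused".
# Assumption: br0 carries 192.168.143.1 (not stated in the question).

# Constructed `netstat -ntap` output in the shape shown in the question.
NETSTAT_BAD='tcp 0 0 127.0.0.1:9040 0.0.0.0:* LISTEN 4271/tor
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 4271/tor'
NETSTAT_OK='tcp 0 0 192.168.143.1:9040 0.0.0.0:* LISTEN 4271/tor
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 4271/tor'

# listener_reachable_after_redirect NETSTAT_TEXT PORT LAN_IP
# Returns 0 if PORT is in LISTEN state on LAN_IP or on 0.0.0.0 (the two bindings
# that accept a packet REDIRECTed on the LAN interface), 1 otherwise.
listener_reachable_after_redirect() {
    netstat_text="$1"; port="$2"; lan_ip="$3"
    printf '%s\n' "$netstat_text" | awk -v port="$port" -v lan="$lan_ip" '
        $6 == "LISTEN" {
            n = split($4, a, ":")            # "addr:port" -> a[1]=addr, a[n]=port
            if (a[n] == port && (a[1] == lan || a[1] == "0.0.0.0")) found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# corrected_config LAN_IF LAN_IP
# Prints torrc lines that bind TransPort/DNSPort on the LAN address, plus the
# matching nat rules (client DNS is redirected too so .onion names automap).
corrected_config() {
    lan_if="$1"; lan_ip="$2"
    cat <<EOF
# /etc/tor/torrc
TransPort ${lan_ip}:9040
DNSPort ${lan_ip}:5300
VirtualAddrNetworkIPv4 172.16.0.0/12
AutomapHostsOnResolve 1

# iptables nat rules for the LAN side
iptables -t nat -A PREROUTING -i ${lan_if} -p udp --dport 53 -j REDIRECT --to-ports 5300
iptables -t nat -A PREROUTING -i ${lan_if} -p tcp -d 172.16.0.0/12 -j REDIRECT --to-ports 9040
EOF
}

# Stand-alone run: diagnose the questioner's listener table, then show the fix.
if listener_reachable_after_redirect "$NETSTAT_BAD" 9040 192.168.143.1; then
    echo "TransPort 9040 is reachable for traffic REDIRECTed on br0"
else
    echo "TransPort 9040 is bound only to loopback: SYNs REDIRECTed on br0 get RST"
    corrected_config br0 192.168.143.1
fi
```

The alternative that keeps `TransPort 9040` on loopback is `-j DNAT --to-destination 127.0.0.1:9040` together with `sysctl net.ipv4.conf.br0.route_localnet=1`, since by default the kernel drops forwarded packets addressed to 127.0.0.0/8. Binding Tor on the LAN address is the simpler change; after restarting Tor, `netstat -ntap` should show `192.168.143.1:9040` (or `0.0.0.0:9040`) in LISTEN state.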