How to set up a TOR Transparent Proxy

Pasha KravtsovSupport Engineer
Published:
Updated:
Hello EE,

Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of iptables and know basic Linux commands.
1. To start install the 'Tor' package available in most repositories.
apt-get install tor

Open in new window

If you are using a different distribution of Linux obviously use your package manager to install the Tor package.

2. We are now going to want to start Tor, run this command:
root@s2:~# service tor start
[ ok ] Starting tor daemon...done.

Open in new window

If you are using a different distribution of Linux, use the appropriate command to start the Tor daemon.

3. Now we're going to want to edit the Torrc configuration file and add these lines:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

Open in new window

The Torrc file is located at /etc/tor/torrc

root@s2:~# vim /etc/tor/torrc

Open in new window


4. Once you have added those 4 lines to the Torrc restart the Tor daemon
root@s2:~# service tor restart
[ ok ] Stopping tor daemon...done.
[ ok ] Starting tor daemon...done.

Open in new window


5. Finally we are going to set the iptables rules to send all DNS requests and etc through Tor. For this we will use a handy bash script to set everything up for us. Add this script to startup to have transparent proxy after you boot
#!/bin/sh
# destinations you do not want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as, change this accordingly for your OS
TOR_UID="43"
# Tor's TransPort
TRANS_PORT="9040"
iptables -F
iptables -t nat -F
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
 iptables -t nat -A OUTPUT -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
 iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT

Open in new window


6. Save this script as .sh file and the CHMOD it
vim transparent_proxy.sh
chmod +x transparent_proxy.sh
./transparent_proxy.sh

Open in new window


7. Now check that you are correctly connecting through Tor
curl https://check.torproject.org/ | grep "Congratulations."

Open in new window

4
8,704 Views
Pasha KravtsovSupport Engineer

Comments (18)

Brandon LyonFrontend Engineer and UX
CERTIFIED EXPERT

Commented:
Daily browsing means different things to different people. What's that saying? If you're using a hammer then everything looks like a nail?

I rarely, if ever, stream videos or download anything. Most of the time I'm reading news, hanging out in forums, communicating with other people, searching the net, browsing, etc. I don't need lots of bandwidth for that.
Pasha KravtsovSupport Engineer

Author

Commented:
I personally use it for irc, coding DHT code through tor, etc. It's all up to you whether you want to use it for your daily browsing activities.
Jason C. LevineDon't talk to me.
CERTIFIED EXPERT

Commented:
Thanks, Brandon...that makes sense.

So Tor is really only useful for low-bandwidth applications.  YouTube, Facebook, and other resource-heavy things will probably be too slow or unusable altogether?
Pasha KravtsovSupport Engineer

Author

Commented:
They are all usable.. some nodes give you fast access, some are hideously slow.. you CAN watch videos, download stuff whatever it's whether you want to deal with the slowness.
how can I stop this?! when my hotspot logout or my laptop disconnect, my ip addr and iptables are in old state and can not connect to web until restart. even iptables -F don't resolve. in result of ip addr command I have an extra iP under wifi deveice

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community