<

How to set up a TOR Transparent Proxy

Published on
9,375 Points
2,975 Views
4 Endorsements
Last Modified:
Approved
Hello EE,

Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of iptables and know basic Linux commands.
1. To start install the 'Tor' package available in most repositories.
apt-get install tor

Open in new window

If you are using a different distribution of Linux obviously use your package manager to install the Tor package.

2. We are now going to want to start Tor, run this command:
root@s2:~# service tor start
[ ok ] Starting tor daemon...done.

Open in new window

If you are using a different distribution of Linux, use the appropriate command to start the Tor daemon.

3. Now we're going to want to edit the Torrc configuration file and add these lines:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

Open in new window

The Torrc file is located at /etc/tor/torrc

root@s2:~# vim /etc/tor/torrc

Open in new window


4. Once you have added those 4 lines to the Torrc restart the Tor daemon
root@s2:~# service tor restart
[ ok ] Stopping tor daemon...done.
[ ok ] Starting tor daemon...done.

Open in new window


5. Finally we are going to set the iptables rules to send all DNS requests and etc through Tor. For this we will use a handy bash script to set everything up for us. Add this script to startup to have transparent proxy after you boot
#!/bin/sh
# destinations you do not want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as, change this accordingly for your OS
TOR_UID="43"
# Tor's TransPort
TRANS_PORT="9040"
iptables -F
iptables -t nat -F
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
 iptables -t nat -A OUTPUT -d $NET -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
 iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT

Open in new window


6. Save this script as .sh file and the CHMOD it
vim transparent_proxy.sh
chmod +x transparent_proxy.sh
./transparent_proxy.sh

Open in new window


7. Now check that you are correctly connecting through Tor
curl https://check.torproject.org/ | grep "Congratulations."

Open in new window

4
Comment
  • 8
  • 8
17 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
And if I happen to be running Windows?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
I have personally never attempted to use a tor transparent proxy with Windows.
Since windows doesn't have iptables or pf or anything of that nature that I can think of besides netsh you can use some programs that claim to do the same thing but it's up to you if you want to trust it not to leak anything.
http://reqrypt.org/tallow.html
0
 
LVL 70

Expert Comment

by:Jason C. Levine
I'm just a regular user with several Windows machines at my home connected to a wifi router and I want to use Tor or something like it to keep my browsing private.  How do I do that using this article as a guide?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 5

Author Comment

by:Pasha Kravtsov
https://www.torproject.org/download/download-easy.html.en
Just download this and start the tor browser and that will accomplish what you want.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
So how is using the Tor browser different than using a transparent proxy?  What are the advantages to using the proxy? Should I be setting up a *nix distro and dual-boot to gain something here?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
..The tor browser bundle only sends http & dns traffic through tor IN the tor browser bundle. A tor transparent proxy sends ALL network traffic on your machine through tor. It all depends on what you're trying to hide/anonymize.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
It all depends on what you're trying to hide/anonymize.

Everything, I guess.  I have concerns about privacy.
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
Dual boot a *nix distro, setup lvm on luks, install grsec, setup transparent proxy, do not install flash, java, keep everything minimal and you're pretty much bulletproof to a certain degree :)
0
 
LVL 70

Expert Comment

by:Jason C. Levine
But only when running the *nix distro, right?

So tell my wife and son to use the Tor browser, and I do the more complicated routes described above?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
In my opinion you should have your wife and son switch to linux but that's my personal opinion. But sure you can do that, using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network. It's not necessary for the little things of that nature..
0
 
LVL 70

Expert Comment

by:Jason C. Levine
In my opinion you should have your wife and son switch to linux but that's my personal opinion.

Understood, but my wife uses Windows-specific software to do her work and my son's school uses Windows-specific software to track reading and math work progress so a blanket "Use Linux" suggestion, however well intentioned, won't work for me or millions of other users like me.

using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network. It's not necessary for the little things of that nature..

So now I'm confused.  If it's not useful for little things of that nature, when should I use it?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
It's really up to you. I can't tell you what you need it for.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
Pasha,

Your first line is:

Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree

I want to not have my and my family's recreational browsing censored or tracked to a certain degree.  But I'm not a hardcore Linux user (in fact, we don't use it at all at home) nor am I overly familiar with Tor.  So when you then go on and say:

using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network.

it does beg the question: what is it used for if not daily browsing?  If I can't use it for daily activities on either *nix or Windows because it's too slow, what's the point of sending all my network traffic through it?
0
 
LVL 10

Expert Comment

by:Brandon Lyon
Daily browsing means different things to different people. What's that saying? If you're using a hammer then everything looks like a nail?

I rarely, if ever, stream videos or download anything. Most of the time I'm reading news, hanging out in forums, communicating with other people, searching the net, browsing, etc. I don't need lots of bandwidth for that.
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
I personally use it for irc, coding DHT code through tor, etc. It's all up to you whether you want to use it for your daily browsing activities.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
Thanks, Brandon...that makes sense.

So Tor is really only useful for low-bandwidth applications.  YouTube, Facebook, and other resource-heavy things will probably be too slow or unusable altogether?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
They are all usable.. some nodes give you fast access, some are hideously slow.. you CAN watch videos, download stuff whatever it's whether you want to deal with the slowness.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Join & Write a Comment

There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Other articles by this author
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month