How to set up a TOR Transparent Proxy

Hello EE,

Today we will learn how to send all of your network traffic through Tor, which is useful, to a certain degree, for getting around censorship and avoiding being tracked altogether. This article assumes you will be using Linux, have a minimal knowledge of iptables and know basic Linux commands.
1. To start, install the 'Tor' package, which is available in most repositories.
apt-get install tor

If you are using a different distribution of Linux, use its package manager to install the Tor package.

2. Now start Tor by running this command:
root@s2:~# service tor start
[ ok ] Starting tor daemon...done.

If you are using a different distribution of Linux, use the appropriate command to start the Tor daemon.

3. Now edit the torrc configuration file and add these lines:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

The torrc file is located at /etc/tor/torrc:

root@s2:~# vim /etc/tor/torrc

4. Once you have added those 4 lines to the torrc, restart the Tor daemon:
root@s2:~# service tor restart
[ ok ] Stopping tor daemon...done.
[ ok ] Starting tor daemon...done.

5. Finally, we are going to set the iptables rules that send DNS requests and all other traffic through Tor. For this we will use a handy shell script that sets everything up for us. Add this script to startup to have the transparent proxy in place after you boot.
#!/bin/sh
# destinations you do not want routed through Tor
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as, change this accordingly for your OS
TOR_UID="43"
# Tor's TransPort (must match TransPort in torrc)
TRANS_PORT="9040"

# start from empty filter and nat tables
iptables -F
iptables -t nat -F

# nat table: leave Tor's own traffic alone, send DNS to Tor's DNSPort
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
# do not redirect traffic to the listed local networks and loopback addresses
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
    iptables -t nat -A OUTPUT -d "$NET" -j RETURN
done
# redirect every other new TCP connection to the TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

# filter table: allow established connections, local destinations and Tor itself
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
    iptables -A OUTPUT -d "$NET" -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
# reject everything else so nothing leaves the machine outside Tor
iptables -A OUTPUT -j REJECT

6. Save this script as a .sh file, chmod it to make it executable, and run it:
vim transparent_proxy.sh
chmod +x transparent_proxy.sh
./transparent_proxy.sh

7. Now check that you are correctly connecting through Tor
curl https://check.torproject.org/ | grep "Congratulations."
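
A pre-flight check for steps 3 to 5, added here as an example and not part of the original article: it reads TransPort and DNSPort from a torrc and confirms that a saved iptables-save dump redirects to those same ports and ends the filter OUTPUT chain in REJECT. The function names and the abridged sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's code: check saved rules against torrc.

# torrc_port KEY FILE: port of the last active "KEY [addr:]port" line.
torrc_port() {
    awk -v key="$1" 'tolower($1) == tolower(key) { p = $2; sub(/.*:/, "", p) }
        END { if (p == "") exit 1; print p }' "$2"
}

# audit_rules TORRC RULES: RULES holds iptables-save output.
# Prints one line per finding and returns 1 if there is any.
audit_rules() {
    trans=$(torrc_port TransPort "$1") || { echo "TransPort missing"; return 1; }
    dns=$(torrc_port DNSPort "$1") || { echo "DNSPort missing"; return 1; }
    findings=$(awk -v trans="$trans" -v dns="$dns" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A OUTPUT .*-p udp .*--dport 53 / &&
            $0 ~ ("REDIRECT --to-ports " dns "$") { dns_ok = 1 }
        table == "nat" && /^-A OUTPUT .*-p tcp / &&
            $0 ~ ("REDIRECT --to-ports " trans "$") { tcp_ok = 1 }
        table == "filter" && /^-A OUTPUT / { last = $0 }
        END {
            if (!dns_ok) print "no UDP/53 redirect to DNSPort " dns
            if (!tcp_ok) print "no TCP redirect to TransPort " trans
            if (last !~ /-j REJECT/) print "filter OUTPUT does not end in REJECT"
        }' "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed samples (not captured from a real host).
sample_torrc() { printf '%s\n' 'TransPort 9040' 'DNSPort 5353'; }
sample_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -m owner --uid-owner 43 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner 43 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
tmp=$(mktemp -d); sample_torrc > "$tmp/torrc"; sample_rules > "$tmp/rules"
audit_rules "$tmp/torrc" "$tmp/rules" && echo "rules match torrc, fail closed"; rm -rf "$tmp"
```

On a real host, save the live rules with iptables-save > rules.txt and call audit_rules /etc/tor/torrc rules.txt. iptables only holds IPv4 rules; IPv6 has a separate ruleset in ip6tables that the article's script does not touch.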

17 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
And if I happen to be running Windows?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
I have personally never attempted to use a tor transparent proxy with Windows.
Since Windows doesn't have iptables or pf or anything of that nature that I can think of besides netsh, you can use some programs that claim to do the same thing, but it's up to you if you want to trust it not to leak anything.
http://reqrypt.org/tallow.html
0
 
LVL 70

Expert Comment

by:Jason C. Levine
I'm just a regular user with several Windows machines at my home connected to a wifi router and I want to use Tor or something like it to keep my browsing private.  How do I do that using this article as a guide?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
https://www.torproject.org/download/download-easy.html.en
Just download this and start the tor browser and that will accomplish what you want.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
So how is using the Tor browser different than using a transparent proxy?  What are the advantages to using the proxy? Should I be setting up a *nix distro and dual-boot to gain something here?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
..The tor browser bundle only sends http & dns traffic through tor IN the tor browser bundle. A tor transparent proxy sends ALL network traffic on your machine through tor. It all depends on what you're trying to hide/anonymize.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
It all depends on what you're trying to hide/anonymize.

Everything, I guess.  I have concerns about privacy.
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
Dual boot a *nix distro, set up lvm on luks, install grsec, set up transparent proxy, do not install flash, java, keep everything minimal and you're pretty much bulletproof to a certain degree :)
0
 
LVL 70

Expert Comment

by:Jason C. Levine
But only when running the *nix distro, right?

So tell my wife and son to use the Tor browser, and I do the more complicated routes described above?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
In my opinion you should have your wife and son switch to linux but that's my personal opinion. But sure you can do that, using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network. It's not necessary for the little things of that nature..
0
 
LVL 70

Expert Comment

by:Jason C. Levine
In my opinion you should have your wife and son switch to linux but that's my personal opinion.

Understood, but my wife uses Windows-specific software to do her work and my son's school uses Windows-specific software to track reading and math work progress so a blanket "Use Linux" suggestion, however well intentioned, won't work for me or millions of other users like me.

using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network. It's not necessary for the little things of that nature..

So now I'm confused.  If it's not useful for little things of that nature, when should I use it?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
It's really up to you. I can't tell you what you need it for.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
Pasha,

Your first line is:

Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree

I want to not have my and my family's recreational browsing censored or tracked to a certain degree.  But I'm not a hardcore Linux user (in fact, we don't use it at all at home) nor am I overly familiar with Tor.  So when you then go on and say:

using tor for daily activities such as streaming videos, downloading stuff, etc is extremely slow and steals bandwidth from the tor network.

it does beg the question: what is it used for if not daily browsing?  If I can't use it for daily activities on either *nix or Windows because it's too slow, what's the point of sending all my network traffic through it?
0
 
LVL 10

Expert Comment

by:Brandon Lyon
Daily browsing means different things to different people. What's that saying? If you're using a hammer then everything looks like a nail?

I rarely, if ever, stream videos or download anything. Most of the time I'm reading news, hanging out in forums, communicating with other people, searching the net, browsing, etc. I don't need lots of bandwidth for that.
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
I personally use it for irc, coding DHT code through tor, etc. It's all up to you whether you want to use it for your daily browsing activities.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
Thanks, Brandon...that makes sense.

So Tor is really only useful for low-bandwidth applications.  YouTube, Facebook, and other resource-heavy things will probably be too slow or unusable altogether?
0
 
LVL 5

Author Comment

by:Pasha Kravtsov
They are all usable.. some nodes give you fast access, some are hideously slow.. you CAN watch videos, download stuff whatever it's whether you want to deal with the slowness.
0
