cm0s

iptables openvpn ssl tor network


Posted ... (edited)

With iptables, these are the rules I am using, basically:

iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router
iptables -A INPUT -s 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #communicate within lan
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure eth0/tun0 can communicate
iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1 #use vpn dns
iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 # use vpn dns
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # map tun0 outgoing IP addy
iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP # if traffic isn't vpn

And my Tor config:

VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
DNSPort 53
AutomapHostsOnResolve 1

##hidden service shit
HiddenServiceDir /var/lib/tor/
HiddenServicePort 443 127.0.0.1:443
HiddenServiceAuthorizeClient stealth v1ztr
HidServAuth z4ojdtiaqvdfi4ys.onion sumkewlkey 

With a static config, my /etc/resolv.conf shows only AirVPN's 10.5.0.1,

and I have my router set to static also.

I'm working on a script that works with AirVPN/SSL/Tor.

What I am trying to do: I have found scripts/iptables rules online that make your Tor traffic on your box system-wide, meaning if you use any app on your box, your box's traffic goes through Tor system-wide, and that I know how to do. What I'd like to do is have some iptables rules that allow me to connect to AirVPN first, like above, because really at this point my threat model is my ISP, just from their basic data-mining practices. Anyway, could someone paste a set of iptables rules that adds onto what is above, so that after my box is connected to AirVPN/SSL via port 443 all traffic then gets routed to the Tor network?

I've come close by modding the BackBox anonymous script that Raffaele made for his distro, BackBox.

splif

Not sure if it would be a good idea to do transparent routing, but if you do have iptables rules that can route all traffic through the VPN and have Tor system-wide, please let me know. I've been googling it and testing this. I don't want to mess with resolv.conf; I want to keep that 10.5.0.1.

The idea here is that this saves me from having to torsocks this or privoxy that; however, I might be further ahead keeping the config like it is, dunno yet...

Edited ... by splif
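The chain the post asks for (VPN first, then everything into Tor), as an added example that is not the poster's script and not code from AirVPN, BackBox or the Tor project. It reuses the values visible in the post (TransPort 9040, DNSPort 53, VirtualAddrNetwork 10.192.0.0/10, LAN 192.168.0.0/16, eth0/tun0, VPN DNS at 10.5.0.1 left in resolv.conf) and assumes two things that are not in the post: Tor runs as the user "debian-tor", and VPN_SERVER is a placeholder that must be replaced with the real VPN endpoint address. The ruleset is fail-closed: the default policy is DROP, only the SSL tunnel to the VPN endpoint may leave on eth0, and only Tor's own sockets may leave through tun0.

```shell
#!/bin/sh
# Added example, not the original poster's script: a fail-closed ruleset that
# (1) lets the box reach the VPN endpoint on TCP 443, (2) redirects every
# other new TCP connection and all DNS into Tor's TransPort/DNSPort, and
# (3) lets Tor itself out through tun0 only, so nothing reaches the ISP
# unwrapped. Values from the post: TransPort 9040, DNSPort 53,
# VirtualAddrNetwork 10.192.0.0/10, LAN 192.168.0.0/16, ifaces eth0/tun0.
# Assumptions (adjust): Tor runs as user "debian-tor"; VPN_SERVER is a
# placeholder for the real VPN endpoint address.
set -eu

TOR_USER="${TOR_USER:-debian-tor}"
VPN_SERVER="${VPN_SERVER:-VPN_SERVER_IP_PLACEHOLDER}"
VPN_PORT="${VPN_PORT:-443}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.0.0/16}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-53}"
VIRT_NET="${VIRT_NET:-10.192.0.0/10}"

# Wrappers used by print_rules: show the exact commands without touching
# the kernel, so the set can be reviewed before it is applied.
echo_ipt()  { echo "iptables $*"; }
echo_ipt6() { echo "ip6tables $*"; }

# $1 = command used for iptables, $2 = command used for ip6tables
rules() {
  ipt=$1; ipt6=$2

  # Start from a clean, default-deny table (fail closed: a mistake below
  # blocks traffic rather than leaking it).
  $ipt -F; $ipt -t nat -F
  $ipt -P INPUT DROP; $ipt -P FORWARD DROP; $ipt -P OUTPUT DROP
  # No IPv6 is tunnelled, so drop it outright instead of letting it bypass
  # the VPN and Tor.
  $ipt6 -P INPUT DROP; $ipt6 -P FORWARD DROP; $ipt6 -P OUTPUT DROP

  # --- nat/OUTPUT: what gets steered into Tor ----------------------------
  # Tor's own sockets must not be redirected back into Tor (order matters:
  # this RETURN has to come before the REDIRECT rules).
  $ipt -t nat -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN
  $ipt -t nat -A OUTPUT -o lo -j RETURN
  $ipt -t nat -A OUTPUT -d "$LAN_NET" -j RETURN
  # UDP DNS to any resolver (resolv.conf can stay at 10.5.0.1) -> DNSPort.
  # Tor's DNSPort is UDP-only; TCP DNS falls through to the TransPort rule.
  $ipt -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
  # .onion addresses mapped by AutomapHostsOnResolve -> TransPort
  $ipt -t nat -A OUTPUT -d "$VIRT_NET" -p tcp -j REDIRECT --to-ports "$TRANS_PORT"
  # Every remaining new TCP connection -> TransPort
  $ipt -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

  # --- filter/INPUT -------------------------------------------------------
  $ipt -A INPUT -i lo -j ACCEPT
  $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $ipt -A INPUT -s "$LAN_NET" -j ACCEPT
  $ipt -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT        # DHCP replies

  # --- filter/OUTPUT: what may leave the box ------------------------------
  $ipt -A OUTPUT -o lo -j ACCEPT
  $ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $ipt -A OUTPUT -d "$LAN_NET" -j ACCEPT
  $ipt -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT       # DHCP requests
  # The only thing allowed straight onto the physical link: the SSL tunnel
  # to the VPN endpoint.
  $ipt -A OUTPUT -o "$WAN_IF" -d "$VPN_SERVER" -p tcp --dport "$VPN_PORT" -j ACCEPT
  # Through the tunnel, only Tor may talk. Anything else (a UDP app, a
  # misconfigured resolver, ...) is logged, then dropped by the policy.
  $ipt -A OUTPUT -o "$VPN_IF" -m owner --uid-owner "$TOR_USER" -j ACCEPT
  $ipt -A OUTPUT -j LOG --log-prefix "leak-blocked: " --log-level 4
}

print_rules() { rules echo_ipt echo_ipt6; }
apply_rules() { rules iptables ip6tables; }      # needs root

case "${1:-print}" in
  apply) apply_rules ;;
  print) print_rules ;;
  *) echo "usage: $0 [print|apply]" >&2 ;;
esac
```

Run it with `print` (the default) to review the commands, then `apply` as root once VPN_SERVER is set. Two design points matter for the question in the post: the `-m owner --uid-owner` RETURN is what keeps Tor's relay connections from being looped back into Tor, and the final LOG rule is where any leak attempt shows up (`dmesg` or the kernel log, prefixed `leak-blocked:`), so an app that is not being handled by the redirect is visible rather than silently reaching the VPN unwrapped. Locally generated packets hit the nat OUTPUT chain, not PREROUTING, which is why the post's PREROUTING DNAT lines do not catch the box's own traffic; the hidden service lines in the torrc are unaffected by any of this.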
