tor can be configured on a middlebox in order to route DNS requests through Tor and transparently proxy all TCP traffic. This is different from running Vidalia and using the Tor Browser because the traffic is masked transparently by a gateway, so you can use any browser or application behind it. We have been using it for quite some time now with great results.
For a setup that will allow you to browse both .onion and .i2p domains, see the proxy chaining page.
torrc is the main configuration file, usually residing at /etc/tor/torrc. The necessary additions are:

TransPort 9040
TransListenAddress 192.168.5.1
DNSPort 9053
DNSListenAddress 192.168.5.1

Newer Tor releases treat the *ListenAddress options as obsolete and accept the address and port together instead, as in "TransPort 192.168.5.1:9040" and "DNSPort 192.168.5.1:9053"; the meaning is the same.
where 192.168.5.1 is the IP address of the gateway. Tor will then accept redirected TCP connections on port 9040 and DNS queries on port 9053.
The firewall needs to redirect the usual traffic to the tor ports:

iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn -j REDIRECT --to-ports 9040

where eth0 is the local LAN interface. Note that these two rules only catch TCP connections and UDP DNS; any other UDP or ICMP traffic from the LAN is not redirected and will leave the gateway unproxied if IP forwarding is enabled, unless the filter table drops it.
A local IP address can be excluded by using the negated -s source matcher. For example:

iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 ! -s 192.168.5.10 -j REDIRECT --to-ports 9053
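The rules above as a small generator script, added here as an example and not part of the original page. It assumes the page's values (eth0, gateway 192.168.5.1, ports 9040/9053), emits one RETURN rule per exempted host instead of a negated -s (iptables allows only one -s per rule, so this scales to several hosts), and adds FORWARD-chain drops so traffic the REDIRECT rules do not catch (other UDP, ICMP) cannot leave the gateway unproxied.

```shell
#!/bin/sh
# Transparent Tor gateway rule generator (added example, not from the original page).
# Assumed defaults taken from the page; override via environment, e.g. LAN_IF=eth1.
LAN_IF="${LAN_IF:-eth0}"
GW_IP="${GW_IP:-192.168.5.1}"        # must match the *ListenAddress lines in torrc
TRANS_PORT="${TRANS_PORT:-9040}"     # TransPort in torrc
DNS_PORT="${DNS_PORT:-9053}"         # DNSPort in torrc

# Print the nat-table rules. $1=LAN interface, $2=TransPort, $3=DNSPort,
# remaining args = source IPs that bypass Tor. Exempted hosts are matched
# first and leave the chain via RETURN, so they are never redirected.
tor_nat_rules() {
    iface=$1; tport=$2; dport=$3; shift 3
    for ip in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $iface -s $ip -j RETURN"
    done
    echo "iptables -t nat -A PREROUTING -i $iface -p udp --dport 53 -j REDIRECT --to-ports $dport"
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --syn -j REDIRECT --to-ports $tport"
}

# Print filter-table rules that stop non-redirected LAN traffic (other UDP, ICMP)
# from being forwarded out unproxied. Exempted hosts keep normal forwarding.
tor_filter_rules() {
    iface=$1; shift
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $iface -s $ip -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $iface -j DROP"
}

# Execute every generated rule (requires root). Stops at the first failure.
apply_rules() {
    { tor_nat_rules "$LAN_IF" "$TRANS_PORT" "$DNS_PORT" "$@"
      tor_filter_rules "$LAN_IF" "$@"; } | while IFS= read -r rule; do
        eval "$rule" || { echo "failed: $rule" >&2; exit 1; }
    done
}

# Entry point: "--apply [exempt-ip ...]" installs the rules; otherwise just print them for review.
if [ "${1:-}" = "--apply" ]; then
    shift
    apply_rules "$@"
else
    tor_nat_rules "$LAN_IF" "$TRANS_PORT" "$DNS_PORT" "$@"
    tor_filter_rules "$LAN_IF" "$@"
fi
```

Running the script without --apply prints the rule set so it can be reviewed (or diffed against `iptables-save`) before anything is changed on the gateway.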