TOR + Iptables



  • Hey. I've run into a problem. Toriptables worked perfectly about a month ago. Until recently, TOR + Iptables worked well. Now there is a problem starting toriptables. Launching TOR:

    $ sudo tor
    
    /usr/local/bin$ sudo python2 toriptables2.py -l
     [+] Anonymizer status [ON]
     [*] Getting public IP, please wait...
     [?] Still waiting for IP address...
    Error in atexit._run_exitfuncs:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
        func(*targs, **kargs)
      File "toriptables2.py", line 70, in restart_tor
        my_public_ip = load(urlopen('http://ident.me/.json'))['address']
      File "/usr/lib/python2.7/json/__init__.py", line 291, in load
        **kw)
      File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
        return _default_decoder.decode(s)
      File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
        raise ValueError(errmsg("Extra data", s, end, len(s)))
    ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
    Error in sys.exitfunc:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
        func(*targs, **kargs)
      File "toriptables2.py", line 70, in restart_tor
        my_public_ip = load(urlopen('http://ident.me/.json'))['address']
      File "/usr/lib/python2.7/json/__init__.py", line 291, in load
        **kw)
      File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
        return _default_decoder.decode(s)
      File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
        raise ValueError(errmsg("Extra data", s, end, len(s)))
    ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
    

    Tried doing it this way, in /etc/tor/torrc:

    VirtualAddrNetworkIPv4 10.192.0.0/10
    AutomapHostsOnResolve 1
    TransPort 9040
    DNSPort 53
    ExcludeExitNodes {RU},{UA},{BY}
    
    $ sudo rm -f /etc/resolv.conf 
    $ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
    
    #!/bin/sh
    
    ### set variables
    #destinations you don't want routed through Tor
    _non_tor="192.168.1.0/24 192.168.0.0/24"
    
    #the UID that Tor runs as (varies from system to system)
    _tor_uid="XYZ" # UID  TOR (grep tor /etc/passwd!)
    
    #Tor's TransPort
    _trans_port="9040"
    
    ### flush iptables
    iptables -F
    iptables -t nat -F
    
    ### set iptables *nat
    iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
    iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
    
    #allow clearnet access for hosts in $_non_tor
    for _clearnet in $_non_tor 127.0.0.0/9 127.128.0.0/10; do
       iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
    done
    
    #redirect all other output to Tor's TransPort
    iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
    
    ### set iptables *filter
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    #allow clearnet access for hosts in $_non_tor
    for _clearnet in $_non_tor 127.0.0.0/8; do
       iptables -A OUTPUT -d $_clearnet -j ACCEPT
    done
    
    #allow only Tor output
    iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
    iptables -A OUTPUT -j REJECT
    
    $ sudo iptables-save | sudo tee /etc/iptables_tor > /dev/null
    

    In /etc/rc.local, before exit 0:

    iptables-restore < /etc/iptables_tor
    
    $ sudo update-rc.d tor enable
    
    

    Auto Backup will not work
    Got an error:

    sudo service tor start OR sudo /etc/init.d/tor start 
    aa-exec: ERROR: profile 'system_tor' does not exist
    

    Although from the desktop, through the adb shell, TOR starts fine.
    The whole problem is that I need TOR)))).
    How can you make Tor global in a system?



  • I will answer myself)).
    Everything works with "Toriptables". The Python errors are not clear, but everything works. By the way, I would be very grateful to anyone who can tell me how to add TOR to autostart.
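
The offsets in the traceback above (parsing stops at char 7 of a 15-character body) are consistent with the IP-echo service answering with a bare dotted-quad address instead of JSON, so the failure would be in the status check rather than in the Tor redirection. The following is an added example, not code from toriptables2.py: a Python 3 sketch with hypothetical function names and constructed sample bodies that reproduces those offsets and parses either response shape.

```python
import ipaddress
import json

# Constructed sample bodies (address taken from the RFC 6598 shared range).
JSON_BODY = '{"address": "100.100.100.100"}'  # shape the script expects
PLAIN_BODY = "100.100.100.100"                # bare 15-character reply


def naive_failure_offsets(body):
    """Run the lookup from the traceback; return (error offset, body length)
    if JSON decoding fails, or None if it succeeds."""
    try:
        json.loads(body)["address"]
    except json.JSONDecodeError as err:
        # "100.100" parses as a JSON number; the rest is "Extra data".
        return err.pos, len(body)
    return None


def parse_public_ip(body):
    """Return the address from an IP-echo response body, or None.

    Accepts a JSON object with an "address" key or a bare IPv4/IPv6
    address in plain text; anything else (HTML error page, empty body)
    yields None instead of an exception.
    """
    text = body.decode("ascii", "replace") if isinstance(body, bytes) else body
    text = text.strip()
    candidate = None
    try:
        doc = json.loads(text)
        if isinstance(doc, dict):
            candidate = doc.get("address")
    except ValueError:
        candidate = text  # not JSON: treat the whole body as the address
    if not isinstance(candidate, str):
        return None
    try:
        # Validate before trusting it: only a well-formed address is returned.
        return str(ipaddress.ip_address(candidate.strip()))
    except ValueError:
        return None


if __name__ == "__main__":
    print("naive lookup fails at:", naive_failure_offsets(PLAIN_BODY))
    for sample in (JSON_BODY, PLAIN_BODY, b"<html>error</html>"):
        print(repr(sample), "->", parse_public_ip(sample))
```

A `None` result means the check could not determine the exit address; it says nothing about whether traffic is going through Tor, so the iptables rules and the Tor process still need to be checked separately.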

