UBports Forum

TOR + Iptables

      boky, last edited by boky 30 May 2020, 08:46

      Hey. I've run into a problem. Toriptables worked perfectly about a month ago. Until recently, TOR + Iptables worked well. Now there is a problem starting toriptables. Launching TOR:

      $ sudo tor
      
      /usr/local/bin$ sudo python2 toriptables2.py -l
       [+] Anonymizer status [ON]
       [*] Getting public IP, please wait...
       [?] Still waiting for IP address...
      Error in atexit._run_exitfuncs:
      Traceback (most recent call last):
        File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
          func(*targs, **kargs)
        File "toriptables2.py", line 70, in restart_tor
          my_public_ip = load(urlopen('http://ident.me/.json'))['address']
        File "/usr/lib/python2.7/json/__init__.py", line 291, in load
          **kw)
        File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
          return _default_decoder.decode(s)
        File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
          raise ValueError(errmsg("Extra data", s, end, len(s)))
      ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
      Error in sys.exitfunc:
      Traceback (most recent call last):
        File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
          func(*targs, **kargs)
        File "toriptables2.py", line 70, in restart_tor
          my_public_ip = load(urlopen('http://ident.me/.json'))['address']
        File "/usr/lib/python2.7/json/__init__.py", line 291, in load
          **kw)
        File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
          return _default_decoder.decode(s)
        File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
          raise ValueError(errmsg("Extra data", s, end, len(s)))
      ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
      

      I tried the following. /etc/tor/torrc:

      VirtualAddrNetworkIPv4 10.192.0.0/10
      AutomapHostsOnResolve 1
      TransPort 9040
      DNSPort 53
      ExcludeExitNodes {RU},{UA},{BY}
      
      $ sudo rm -f /etc/resolv.conf 
      $ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
      
      #!/bin/sh
      
      ### set variables
      #destinations you don't want routed through Tor
      _non_tor="192.168.1.0/24 192.168.0.0/24"
      
      #the UID that Tor runs as (varies from system to system)
      _tor_uid="XYZ" # UID  TOR (grep tor /etc/passwd!)
      
      #Tor's TransPort
      _trans_port="9040"
      
      ### flush iptables
      iptables -F
      iptables -t nat -F
      
      ### set iptables *nat
      iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
      iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
      
      #allow clearnet access for hosts in $_non_tor
      for _clearnet in $_non_tor 127.0.0.0/9 127.128.0.0/10; do
         iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
      done
      
      #redirect all other output to Tor's TransPort
      iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
      
      ### set iptables *filter
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      
      #allow clearnet access for hosts in $_non_tor
      for _clearnet in $_non_tor 127.0.0.0/8; do
         iptables -A OUTPUT -d $_clearnet -j ACCEPT
      done
      
      #allow only Tor output
      iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
      iptables -A OUTPUT -j REJECT
      
      $ sudo iptables-save > /etc/iptables_tor
      

      /etc/rc.local > exit 0

      iptables-restore < /etc/iptables_tor
      
      $ sudo update-rc.d tor enable
      
      

      Auto Backup will not work
      Got an error:

      sudo service tor start OR sudo /etc/init.d/tor start 
      aa-exec: ERROR: profile 'system_tor' does not exist
      

      Although from the desktop, through the adb shell, TOR starts well.
      The whole problem is that I need TOR)))).
      How can you make Tor global in a system?

        boky, last edited 30 May 2020, 12:54

        I will answer myself)).
        Everything works with "Toriptables". The Python errors are not clear, but everything works. By the way, I would be very grateful to anyone who can tell me how to add TOR to autostart.

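The traceback in the first post fails inside `json.load` with "Extra data", which is what the JSON decoder reports when a valid value is followed by more text, for example when the reply is a bare dotted IPv4 address instead of a JSON object. As an added example (not part of the original posts and not code from toriptables2.py; Python 3, with constructed sample bodies and hypothetical function names), a lookup parser that accepts either reply format and validates the address before it is shown:

```python
import ipaddress
import json

# Constructed sample bodies (documentation-range address, not real captures).
JSON_BODY = b'{"address": "198.51.100.200"}'
PLAIN_BODY = b"198.51.100.200\n"
HTML_BODY = b"<html><body>captive portal</body></html>"


def strict_parse(body):
    """Same shape as the failing line in the traceback: JSON object or crash."""
    return json.loads(body.decode("utf-8"))["address"]


def tolerant_parse(body):
    """Return a validated IP string from a JSON or plain-text reply.

    Raises ValueError with a readable message for anything else, so the
    caller can report "lookup failed" instead of dying in an exit handler.
    """
    text = body.decode("utf-8", errors="replace").strip()
    candidate = text
    try:
        decoded = json.loads(text)
    except ValueError:
        pass  # not a single JSON document: treat the whole body as the candidate
    else:
        if isinstance(decoded, dict) and "address" in decoded:
            candidate = str(decoded["address"])
    try:
        # ip_address() rejects HTML, error pages and partial strings alike.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        raise ValueError(
            "IP lookup returned no usable address: %r" % text[:40]
        ) from None


if __name__ == "__main__":
    for name, body in (("json", JSON_BODY), ("plain", PLAIN_BODY), ("html", HTML_BODY)):
        try:
            print(name, "->", tolerant_parse(body))
        except ValueError as exc:
            print(name, "->", exc)
```

A failed lookup only means the status display could not be filled in; it says nothing about whether the iptables redirect rules were applied, which is consistent with the second post's report that everything works despite the errors.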