TOR + Iptables

boky · 30 May 2020, 08:46

Hey. Faced a problem. Toriptables worked about a month ago perfectly. Until recently, TOR + Iptables worked well. There was a problem starting toriptables. launch TOR

$sudo tor

/usr/local/bin$ sudo python2 toriptables2.py -l
 [+] Anonymizer status [ON]
 [*] Getting public IP, please wait...
 [?] Still waiting for IP address...
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "toriptables2.py", line 70, in restart_tor
    my_public_ip = load(urlopen('http://ident.me/.json'))['address']
  File "/usr/lib/python2.7/json/__init__.py", line 291, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
    raise ValueError(errmsg("Extra data", s, end, len(s)))
ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
Error in sys.exitfunc:
Traceback (most recent call last):
  File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "toriptables2.py", line 70, in restart_tor
    my_public_ip = load(urlopen('http://ident.me/.json'))['address']
  File "/usr/lib/python2.7/json/__init__.py", line 291, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
    raise ValueError(errmsg("Extra data", s, end, len(s)))
ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)

Tried to do so /etc/tor/torrc

VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
ExcludeExitNodes {RU},{UA},{BY}

$ sudo rm -f /etc/resolv.conf 
$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf

#!/bin/sh

### set variables
#destinations you don't want routed through Tor
_non_tor="192.168.1.0/24 192.168.0.0/24"

#the UID that Tor runs as (varies from system to system)
_tor_uid="XYZ" # UID  TOR (grep tor /etc/passwd!)

#Tor's TransPort
_trans_port="9040"

### flush iptables
iptables -F
iptables -t nat -F

### set iptables *nat
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53

#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/9 127.128.0.0/10; do
   iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
done

#redirect all other output to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port

### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
   iptables -A OUTPUT -d $_clearnet -j ACCEPT
done

#allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT

$ sudo iptables-save > /etc/iptables_tor

/etc/rc.local > exit 0

iptables-restore < /etc/iptables_tor

$ sudo update-rc.d tor enable

Auto Backup will not work
Got an error:

sudo service tor start OR sudo /etc/init.d/tor start 
aa-exec: ERROR: profile 'system_tor' does not exist

Although from the desktop, through the adb shell, TOR starts well
The whole problem is that I need TOR)))).
How can you make globally Tor in a system?

boky · 30 May 2020, 12:54

I will answer myself)).
Everything works "Toriptables". Python errors are not clear, but everything works. By the way, I am very grateful to those who will tell you how to add TOR to autostart.