UBports Forum

    TOR + Iptables

        boky

        Hey. I've run into a problem. Toriptables worked perfectly about a month ago. Until recently, TOR + Iptables worked well. Now there is a problem starting toriptables. Launching TOR:

        $sudo tor
        
        /usr/local/bin$ sudo python2 toriptables2.py -l
         [+] Anonymizer status [ON]
         [*] Getting public IP, please wait...
         [?] Still waiting for IP address...
        Error in atexit._run_exitfuncs:
        Traceback (most recent call last):
          File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
            func(*targs, **kargs)
          File "toriptables2.py", line 70, in restart_tor
            my_public_ip = load(urlopen('http://ident.me/.json'))['address']
          File "/usr/lib/python2.7/json/__init__.py", line 291, in load
            **kw)
          File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
            return _default_decoder.decode(s)
          File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
            raise ValueError(errmsg("Extra data", s, end, len(s)))
        ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
        Error in sys.exitfunc:
        Traceback (most recent call last):
          File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
            func(*targs, **kargs)
          File "toriptables2.py", line 70, in restart_tor
            my_public_ip = load(urlopen('http://ident.me/.json'))['address']
          File "/usr/lib/python2.7/json/__init__.py", line 291, in load
            **kw)
          File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
            return _default_decoder.decode(s)
          File "/usr/lib/python2.7/json/decoder.py", line 367, in decode
            raise ValueError(errmsg("Extra data", s, end, len(s)))
        ValueError: Extra data: line 1 column 8 - line 1 column 16 (char 7 - 15)
        

        I tried to do it this way. /etc/tor/torrc:

        VirtualAddrNetworkIPv4 10.192.0.0/10
        AutomapHostsOnResolve 1
        TransPort 9040
        DNSPort 53
        ExcludeExitNodes {RU},{UA},{BY}
        
        $ sudo rm -f /etc/resolv.conf 
        $ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
        
        #!/bin/sh
        
        ### set variables
        #destinations you don't want routed through Tor
        _non_tor="192.168.1.0/24 192.168.0.0/24"
        
        #the UID that Tor runs as (varies from system to system)
        _tor_uid="XYZ" # UID  TOR (grep tor /etc/passwd!)
        
        #Tor's TransPort
        _trans_port="9040"
        
        ### flush iptables
        iptables -F
        iptables -t nat -F
        
        ### set iptables *nat
        iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
        iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
        
        #allow clearnet access for hosts in $_non_tor
        for _clearnet in $_non_tor 127.0.0.0/9 127.128.0.0/10; do
           iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
        done
        
        #redirect all other output to Tor's TransPort
        iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
        
        ### set iptables *filter
        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        
        #allow clearnet access for hosts in $_non_tor
        for _clearnet in $_non_tor 127.0.0.0/8; do
           iptables -A OUTPUT -d $_clearnet -j ACCEPT
        done
        
        #allow only Tor output
        iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
        iptables -A OUTPUT -j REJECT
        
        $ sudo iptables-save | sudo tee /etc/iptables_tor > /dev/null
        

        /etc/rc.local > exit 0

        iptables-restore < /etc/iptables_tor
        
        $ sudo update-rc.d tor enable
        
        

        Auto Backup will not work
        Got an error:

        sudo service tor start OR sudo /etc/init.d/tor start 
        aa-exec: ERROR: profile 'system_tor' does not exist
        

        Although from the desktop, through the adb shell, TOR starts well.
        The whole problem is that I need TOR)))).
        How can you make Tor global in a system?

          boky

          I will answer myself)).
          Everything works with "Toriptables". The Python errors are not clear, but everything works. By the way, I would be very grateful to anyone who can tell me how to add TOR to autostart.

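Why the traceback in the first post reports "Extra data" at char 7 of a 15-character body, shown as an added example that is not part of the original posts or of toriptables2.py: a bare IPv4 address is not a JSON object, so the decoder reads the first two octets as a number and stops. That the lookup service returned plain text is an assumption consistent with those offsets; `json_stop_offset`, `extract_public_ip` and the sample bodies are constructed for illustration, written for Python 3.

```python
import ipaddress
import json


def json_stop_offset(body):
    """Return the offset where json.loads() gave up on body, or None if it parsed."""
    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        return exc.pos
    return None


def extract_public_ip(body, key="address"):
    """Accept a JSON object holding the IP under `key`, or a bare IP string."""
    if isinstance(body, bytes):
        body = body.decode("ascii", errors="replace")
    text = body.strip()
    candidate = text
    try:
        parsed = json.loads(text)
    except ValueError:  # JSONDecodeError is a subclass of ValueError
        pass            # not JSON: fall back to treating the body as plain text
    else:
        if isinstance(parsed, dict):
            candidate = parsed.get(key, "")
        elif isinstance(parsed, str):
            candidate = parsed
    # Validate as text: never trust the lookup service to return a well-formed
    # address. Raises ValueError for anything that is not IPv4 or IPv6.
    return str(ipaddress.ip_address(str(candidate).strip()))


# Constructed sample bodies (not captured from ident.me); 100.64.0.0/10 is
# shared address space, used here only because it is 15 characters long.
PLAIN_BODY = b"100.100.100.100\n"
JSON_BODY = b'{"address": "100.100.100.100"}'

if __name__ == "__main__":
    # "100.100" parses as a float, then ".100.100" is the "extra data".
    print(json_stop_offset("100.100.100.100"))
    print(extract_public_ip(PLAIN_BODY))
    print(extract_public_ip(JSON_BODY))
```

The failure is in the IP-lookup step named in the traceback, which is separate from the iptables rules themselves.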