[email protected] writes:
> Thank you for your help Stuart. I'll just use curl for now. Actually, using
> torsocks seems a bad practice for any situation, I should just set a
> transparent proxy (but the pf.conf from torproject.org does not work, I'll
> need to write it myself some day).
> Thanks again.

For the benefit of your lazy bone, and anyone else who comes across it,
here's the configuration I worked out. In OpenBSD's favour, I managed
this despite being relatively new to OpenBSD administration and
completely new to pf, so I don't know if it's 'right', but it is
'successful'.

The Tor router sits on a LAN, as any other server would, at 10.42.0.8 and
on the subnet it anonymises at 10.172.192.2. 10.172.192.0/24 routes through
it (enforced by the switch/bridge they all plug in to).


# cat /etc/pf.conf
# <default config>

pass in quick inet proto tcp from 10.172.192.0/24 to 10.172.192.2 port tor

pass in quick inet proto udp from 10.172.192.0/24 to port domain
pass in quick inet from 10.172.192.0/24 divert-to 127.0.0.1 port transtor
pass out quick inet from 10.172.192.0/24 divert-reply
block in quick inet from 10.172.192.0/24


# getent services tor transtor
tor                9050/tcp
transtor           9040/tcp


# grep -v ^# /etc/tor/torrc | hand-grep _RELEVANT_LINES_
OutboundBindAddress 10.42.0.8 # Bind to the lan for outgoing connections

SocksPort 127.0.0.1:9050
SocksPort 10.172.192.2:9050
SocksPolicy accept 127.0.0.0/8
SocksPolicy accept 10.172.192.0/24
SocksPolicy reject *

VirtualAddrNetworkIPv4 10.127.0.0/16
AutomapHostsOnResolve 1
TransPort 127.0.0.1:9040
TransPort 10.172.192.2:9040
DNSPort 127.0.0.1:53
DNSPort 10.172.192.2:53
TransProxyType pf-divert


Cheers,

Matthew
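
An added example, not part of Matthew's message: a small offline check of the torrc lines posted above, covering which clients the SocksPolicy admits and whether any listener is bound outside loopback or the anonymised subnet. It assumes one IPv4 policy entry per SocksPolicy line, as in the posted config; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the relevant torrc lines from the message above.
TORRC = """\
OutboundBindAddress 10.42.0.8 # Bind to the lan for outgoing connections
SocksPort 127.0.0.1:9050
SocksPort 10.172.192.2:9050
SocksPolicy accept 127.0.0.0/8
SocksPolicy accept 10.172.192.0/24
SocksPolicy reject *
TransPort 127.0.0.1:9040
TransPort 10.172.192.2:9040
DNSPort 127.0.0.1:53
DNSPort 10.172.192.2:53
"""

def parse(text):
    """Return (option, value) pairs, dropping comments and blank lines."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            opt, _, val = line.partition(" ")
            pairs.append((opt, val.strip()))
    return pairs

def socks_allowed(pairs, client):
    """First matching SocksPolicy entry wins; no match means accept."""
    ip = ipaddress.ip_address(client)
    for opt, val in pairs:
        if opt != "SocksPolicy":
            continue
        action, _, pattern = val.partition(" ")
        if pattern == "*" or ip in ipaddress.ip_network(pattern):
            return action == "accept"
    return True

def stray_listeners(pairs, allowed_nets):
    """Listeners with no explicit bind address, or one outside allowed_nets."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    bad = []
    for opt, val in pairs:
        if opt in ("SocksPort", "TransPort", "DNSPort"):
            host = val.split()[0].rpartition(":")[0]  # "" for a bare port
            if not host or not any(ipaddress.ip_address(host) in n for n in nets):
                bad.append((opt, val))
    return bad
```

With the posted lines, a host on the 10.42.0.0 LAN side is refused by the final `reject *`, and removing that line would admit it, because an address that matches no entry is accepted.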
