Hello there,

I'm trying to set up an "isolating transparent proxy" a la Whonix, where there are a gateway node and a workstation node.

        Connected to the internet
                    |
                    | eth0 -- 192.168.27.x
    +-------------------------------+
    | Gateway node                  |
    | Tor client                    |
    | * DNSPort 192.168.42.1:53     |
    | * TransPort 192.168.42.1:9040 |
    | * SocksPort 192.168.42.1:9050 |
    +-------------------------------+
                    | eth1 -- 192.168.42.1
                    |
                    | eth0 -- 192.168.42.x
    +---------------------------------------------------+
    | Workstation node                                  |
    |                                                   |
    | resolv.conf -> 192.168.42.1                       |
    | IPv6 -> no routes                                 |
    | IPv4 -> to 192.168.42.0/24 via eth0, gateway none |
    +---------------------------------------------------+

Currently,

* `dig check.torproject.org` on Workstation works.
* `torsocks curl https://check.torproject.org/` works and is properly anonymized, of course.
* No non-Tor traffic can go out from Workstation. No transparent proxy means no internet connection, rather than leaks.

Now, I need to allow 'normal' traffic to work using a transparent proxy, on Workstation, because some programs don't support a proxy (of any kind) at all. This is not a desktop setup, and stream isolation is not critical here.

There are tutorials on transparent proxying online, but not for a remote TransPort. What kind of iptables rules do I need to make this work?

There should be instructions to do so online. I searched through trac.torproject.org, whonix.org and the Whonix GitHub, but I found nothing.

What should happen (on Workstation):

Try to connect to TCP check.torproject.org:443
-> Linux captures with iptables
-> forwarded to 192.168.42.1:9040 (TransPort)

Can anyone help me?

Thanks,
onionsalad
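
One way to wire up the setup described in the message, as an added example that is not part of the original post: the capture is done on the gateway instead of the workstation, because on Linux Tor's TransPort reads each connection's original destination from the local NAT table. The interface, address and port defaults come from the post; the function names and the filter policy are assumptions.

```shell
#!/bin/sh
# Added example (constructed): prints an iptables-restore ruleset for the
# GATEWAY node. Loading it replaces the gateway's nat and filter tables.
# A DNAT done on the workstation would hide the real destination from Tor,
# so the workstation only needs a default route through the gateway:
#   ip route add default via 192.168.42.1 dev eth0

is_port() {  # succeeds for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gateway_ruleset() {  # args: lan_if lan_ip trans_port dns_port socks_port
    lan_if=${1:-eth1} lan_ip=${2:-192.168.42.1}
    trans=${3:-9040} dns=${4:-53} socks=${5:-9050}
    for p in "$trans" "$dns" "$socks"; do
        is_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
# Traffic addressed to the gateway itself (SocksPort, DNSPort) is left alone.
-A PREROUTING -i $lan_if -d $lan_ip -j RETURN
# Programs with hard-coded resolvers: send their UDP DNS to Tor's DNSPort.
-A PREROUTING -i $lan_if -p udp --dport 53 -j REDIRECT --to-ports $dns
# Every other new TCP connection from the workstation goes to TransPort.
-A PREROUTING -i $lan_if -p tcp --syn -j REDIRECT --to-ports $trans
COMMIT
*filter
:FORWARD DROP [0:0]
-A INPUT -i $lan_if -p udp -d $lan_ip --dport $dns -j ACCEPT
-A INPUT -i $lan_if -p tcp -d $lan_ip -m multiport --dports $trans,$socks -j ACCEPT
# Anything else from the workstation (other UDP, ICMP) is dropped, never routed.
-A INPUT -i $lan_if -j DROP
COMMIT
EOF
}

# Print the ruleset; pipe it into "iptables-restore --test" to check it first.
gateway_ruleset "$@"
```

With `FORWARD` set to drop and no masquerading rule, a workstation packet that misses the redirect has no path to the internet, which keeps the "no connection rather than leaks" property from the message.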
