I am trying to route all traffic from one specific user on one machine on my LAN through Tor, but I am having difficulties. There is probably something I have neglected to configure.
What is special about my setup is that I run Tor on one of my servers (Debian). I would like to keep doing this. I am aware that my traffic is flowing in cleartext over my LAN.

On this server, Tor is running fine, with the following in torrc:

    TransPort 10.x.x.x:19050
    DNSPort 10.x.x.x:19053
    VirtualAddrNetwork 10.192.0.0/10

10.x.x.x is that server's address on the LAN. 'netstat' shows that Tor is listening on these ports.

On my client machine, I have created a user called 'torvm'. I have added these two iptables rules:

    # iptables -A OUTPUT -t nat -p tcp -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19050
    # iptables -A OUTPUT -t nat -p udp --dport 53 -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19053

The client is running Ubuntu. I doubt this is relevant at the moment.

Now I test this setup on my client:

    $ w3m -dump_head www.sunet.se

What happens is this:

1. The client sends the packets to the server on the correct address and port. This can be seen from a tcpdump trace [1].
2. I do not get any output from my test command on the client. Without the iptables rules, I do get the expected output.
3. The Tor log [2] shows a warning message: "getsockopt() failed: Protocol not available". I don't know if this is the root of the problem. Googling for this in relation to Tor does not show anything that seems relevant.

Nothing relevant shows up in syslog that is not also in Tor's log.

I hope someone here can help me.

I'm using Tor 0.2.3.13-alpha-dev (git-627c37ad6a06e3aa)

// Anders

[1] Trace of tcpdump on the server:

    IP client.domain.39585 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.39585: UDP, length 30
    IP client.domain.51077 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.51077: UDP, length 30
    IP server.domain.49591 > gateway.domain.domain: 11116+ PTR? x.x.x.10.in-addr.arpa. (41)
    IP client.domain.58550 > server.domain.19053: UDP, length 43
    IP server.domain.19053 > client.domain.58550: UDP, length 43
    IP gateway.domain.domain > server.domain.49591: 11116* 1/0/0 PTR client.domain. (76)
    IP client.domain.35406 > server.domain.19053: UDP, length 43
    IP server.domain.19053 > client.domain.35406: UDP, length 43
    IP server.domain.55162 > gateway.domain.domain: 33538+ PTR? x.x.x.10.in-addr.arpa. (41)
    IP client.domain.41624 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.41624: UDP, length 46
    IP gateway.domain.domain > server.domain.55162: 33538* 1/0/0 PTR gateway.domain. (75)
    IP client.domain.46034 > server.domain.19050: Flags [S], seq 3208505086, win 14600, options [mss 1460,sackOK,TS val 4208312 ecr 0,nop,wscale 7], length 0
    IP server.domain.19050 > client.domain.46034: Flags [S.], seq 1175066879, ack 3208505087, win 5792, options [mss 1460,sackOK,TS val 13096141 ecr 4208312,nop,wscale 4], length 0
    IP client.domain.46034 > server.domain.19050: Flags [.], ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 0
    IP client.domain.46034 > server.domain.19050: Flags [P.], seq 1:233, ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 232
    IP server.domain.19050 > client.domain.46034: Flags [.], ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0
    IP server.domain.19050 > client.domain.46034: Flags [R.], seq 1, ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0

[2] Tor log:

    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [debug] connection_add_impl(): new conn type Socks, socket -1, address 10.x.x.x, n_conns 7.
    [info] evdns_server_callback(): Passing request for [scrubbed] to rewrite_and_attach.
    [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for [scrubbed]:0
    [info] addressmap_rewrite(): Addressmap: rewriting [scrubbed] to [scrubbed]
    [info] evdns_server_callback(): Passed request for [scrubbed] to rewrite_and_attach_if_allowed.
    [debug] conn_read_callback(): socket 53 wants to read.
    [debug] connection_handle_listener_read(): Connection accepted on socket 12 (child of fd 53).
    [debug] connection_add_impl(): new conn type Socks, socket 12, address 10.x.x.x, n_conns 8.
    [debug] connection_ap_process_transparent(): entered.
    [warn] getsockopt() failed: Protocol not available
    [warn] Fetching original destination failed. Closing.
    [debug] conn_close_if_marked(): Cleaning up connection (fd -1).
    [debug] connection_remove(): removing socket -1 (type Socks), n_conns now 8
    [debug] conn_close_if_marked(): Cleaning up connection (fd 12).
    [debug] connection_remove(): removing socket 12 (type Socks), n_conns now 7
    [debug] _connection_free(): closing fd 12.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
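The "getsockopt() failed" warning in the log above comes from the query Tor's transparent proxy makes on every accepted TransPort connection: on Linux it calls getsockopt(SOL_IP, SO_ORIGINAL_DST) to learn the address the client connected to before NAT rewrote it. The kernel answers that query only from its own connection-tracking table, so it has to run on the host where the REDIRECT or DNAT took place; a DNAT performed on another machine leaves nothing for the Tor host's kernel to find. ENOPROTOOPT ("Protocol not available") is what netfilter returns when no conntrack handler for that socket option is registered on the host at all; ENOENT means a handler exists but has no entry for the flow; a successful answer that equals the listener's own address means the packets were not rewritten on this host. The script below is an added example, not Tor's code and not part of the original post: it reproduces the same query against a loopback connection and decodes or explains the result. The SO_ORIGINAL_DST value is the one from <linux/netfilter_ipv4.h>; the addresses and ports in its sample data are constructed.

```python
"""Reproduce the SO_ORIGINAL_DST check a Linux transparent proxy makes on accept()."""
import errno
import socket
import struct

# From <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80

# The two failures the kernel reports for this query, named so callers can
# tell "no netfilter handler on this host" from "handler present, flow unknown".
ERR_NO_HANDLER = errno.ENOPROTOOPT   # strerror: "Protocol not available"
ERR_NO_ENTRY = errno.ENOENT          # strerror: "No such file or directory"


def make_sockaddr_in(ip, port):
    """Build the 16-byte struct sockaddr_in the kernel fills in (constructed sample data).

    Layout: sa_family (host-order u16), sin_port (network-order u16),
    sin_addr (4 bytes), 8 bytes of zero padding.
    """
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(ip) + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (dotted-quad ip, port)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short: %d bytes" % len(raw))
    family = struct.unpack("=H", raw[0:2])[0]
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port = struct.unpack("!H", raw[2:4])[0]
    return socket.inet_ntoa(raw[4:8]), port


def explain_errno(err):
    """Map the errno of a failed SO_ORIGINAL_DST query to what it means for the proxy."""
    if err == ERR_NO_HANDLER:
        return ("Protocol not available: no netfilter handler for SO_ORIGINAL_DST "
                "on this host (conntrack not loaded), nothing to look up")
    if err == ERR_NO_ENTRY:
        return "No such file or directory: conntrack is loaded but has no entry for this flow"
    return "%s (%d)" % (errno.errorcode.get(err, "unknown"), err)


def original_destination(conn):
    """Ask the kernel what this accepted connection was addressed to before local NAT.

    Returns ("ok", ip, port) or ("error", errno_value). Tor logs strerror() of the
    latter as 'getsockopt() failed: ...' and closes the connection.
    """
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as e:
        return ("error", e.errno)
    ip, port = parse_sockaddr_in(raw)
    return ("ok", ip, port)


def classify(result, listener):
    """Interpret the query result from the proxy's point of view.

    listener is the (ip, port) the proxy itself accepted on. If the kernel's
    'original' destination is the listener, no redirection happened on this host.
    """
    if result[0] == "error":
        return "unavailable: " + explain_errno(result[1])
    ip, port = result[1], result[2]
    if (ip, port) == listener:
        return "not redirected on this host"
    return "redirected from %s:%d" % (ip, port)


def probe_loopback():
    """Accept one loopback connection and query it, as a TransPort listener would."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    listener = srv.getsockname()
    cli = socket.create_connection(listener)
    conn, _ = srv.accept()
    try:
        return classify(original_destination(conn), listener)
    finally:
        conn.close()
        cli.close()
        srv.close()


if __name__ == "__main__":
    print(probe_loopback())
```

Run it on the Tor host as the user that runs Tor. Where the redirect happens locally, the query returns the address the client originally asked for; where it reports the listener's own address, or fails with ENOPROTOOPT as in the log above, the rewrite was done somewhere else and the proxy has no way to recover the real target. This is why Tor's manual page describes TransPort on Linux in terms of an iptables REDIRECT (or TPROXY) on the Tor host itself: the redirection, e.g. a nat PREROUTING rule with -j REDIRECT --to-ports 19050 for traffic arriving from the client, has to live in the kernel that answers SO_ORIGINAL_DST, and the client should only route the torvm user's packets to that host rather than DNAT them.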