[tor-talk] howto: Raspberry Pi as transparent tor proxy

John Zoidberg zoidb3rg at rocketmail.com
Tue Oct 30 20:49:23 UTC 2012


Hi all, here is some information on how I configured my Raspberry Pi as a
transparent Tor proxy for my home network. Currently, in my opinion, the
Raspberry Pi is a cheap and flexible platform for this task. I thought
about using a dd-wrt based router as a transparent Tor proxy, but there are
no current optware packages for the dd-wrt/openwrt platform, and there is
also no final tutorial which describes in detail how to set up a
transparent Tor proxy on the dd-wrt/openwrt platform.

My configuration is:
- 256 mb Raspberry Pi
- usb wifi adapter TP-Link WL-722N with an external antenna (drivers are
  already included in the current Raspbian OS)
- 4 port D-Link usb hub DUB-H4
- hama power supply
- sandisk 4 gb sdcard
- Raspbian Linux

For other supported hardware please look at:
http://www.elinux.org/RPi_VerifiedPeripherals

For the wireless access point configuration I followed the instructions from:
http://sirlagz.net/2012/08/09/how-to-use-the-raspberry-pi-as-a-wireless-access-pointrouter-part-1/

Here are my steps for the setup. I've installed the following additional
packages:
dnsmasq
dnsutils
hostapd
iw
net-tools
tor

First: create/modify /etc/dnsmasq.conf

interface=wlan0
dhcp-range=10.0.0.2,10.0.0.10,255.255.255.0,24h
dhcp-option=3,10.0.0.1

Second: create/modify /etc/hostap/hostapd

interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=<your ssid>
hw_mode=g
channel=<your channel, e.g. 11>
wpa=2
wpa_passphrase=<your passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP

For the Tor and iptables configuration I followed the instructions from:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox

I didn't modify /etc/resolv.conf to 127.0.0.1 because I had problems with
the network connection directly on the Raspberry Pi.
E.g. it wasn't possible to download Raspbian packages or to open websites
with lynx.

Third: create/modify /etc/torrc

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 10.0.0.1
DNSPort 53
DNSListenAddress 10.0.0.1

Fourth: create an executable script in /etc/network/if-pre-up.d, e.g.
/etc/network/if-pre-up.d/iptables.sh, with the following content:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules

Fifth: enter the iptables ruleset directly in the shell:

iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

Sixth: create /etc/iptables.rules like this:

iptables-save > /etc/iptables.rules

In my opinion there is room for improvement. Maybe someone has additional
ideas or configuration recommendations, e.g. for the firewall.
The missing RTC doesn't seem to be a problem for this configuration. But
there is a tutorial on how to add an RTC to the Raspberry Pi:
http://www.raspberrypi.org/phpBB3/viewtopic.php?f=44&t=16218

Thanks and best regards
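
Added example, not part of the original post: a shell check that cross-references the TransPort and DNSPort values in torrc against the REDIRECT rules in an iptables-save dump, so a port mismatch between steps three and five is caught before clients connect. The function names are hypothetical, and the third check (an explicit drop of forwarded wlan0 traffic in the filter table) is an added hardening assumption that the post's ruleset does not configure.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check torrc against an
# iptables-save dump for the middlebox setup described above.

# torrc_value FILE KEY -> print the first value configured for KEY
torrc_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# has_redirect RULES IFACE MATCH PORT -> 0 if a nat PREROUTING rule on IFACE
# containing the text MATCH redirects to PORT
has_redirect() {
    awk -v i="$2" -v m="$3" -v p="$4" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" &&
            index($0, " -i " i " ") && index($0, m) &&
            $0 ~ ("-j REDIRECT --to-ports " p " *$") { found = 1 }
        END { exit !found }' "$1"
}

# drops_forward RULES IFACE -> 0 if the filter table drops forwarded traffic
# (FORWARD policy DROP, or a DROP/REJECT rule for IFACE); hardening assumption
drops_forward() {
    awk -v i="$2" '
        /^\*/ { table = $1 }
        table == "*filter" && (/^:FORWARD DROP/ ||
            $0 ~ ("^-A FORWARD .*-i " i " .*-j (DROP|REJECT)")) { found = 1 }
        END { exit !found }' "$1"
}

# audit_tor_middlebox TORRC RULES [IFACE] -> prints findings, returns count
audit_tor_middlebox() {
    torrc=$1; rules=$2; iface=${3:-wlan0}; problems=0
    trans=$(torrc_value "$torrc" TransPort)
    dns=$(torrc_value "$torrc" DNSPort)
    if ! has_redirect "$rules" "$iface" "-p tcp" "${trans:-unset}"; then
        echo "FAIL: no TCP redirect on $iface to TransPort ${trans:-unset}"
        problems=$((problems + 1))
    fi
    if ! has_redirect "$rules" "$iface" "--dport 53" "${dns:-unset}"; then
        echo "FAIL: no DNS redirect on $iface to DNSPort ${dns:-unset}"
        problems=$((problems + 1))
    fi
    if ! drops_forward "$rules" "$iface"; then
        echo "WARN: filter table does not drop forwarded $iface traffic"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

After sourcing the file, run it as audit_tor_middlebox /etc/torrc /etc/iptables.rules; a return status of 0 means all three checks passed.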

