[tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)

Mirimir mirimir at riseup.net
Sat Mar 29 20:47:53 UTC 2014

On 03/29/2014 01:52 PM, Soul Plane wrote:
> On Sat, Mar 29, 2014 at 12:59 PM, Patrick Schleizer <adrelanos at riseup.net> wrote:
>> Soul Plane:
>>> I have an Ubuntu middlebox to torify. It uses TransListenAddress,
>>> TransPort. One interface accepts incoming traffic that will be torified.
>>> The connections to the tor network go out on the other interface which
>>> can access the internet unrestricted. I can't find the original directions I
>>> used to set it up. The Torbox page I have commented in my config now says
>>> it's been replaced by Whonix. I tried the wiki there but it doesn't load:
>>> http://sourceforge.net/p/whonix/wiki/ Does what you're saying apply to a
>>> setup like mine? Thanks
>> The TorBOX instructions project no longer exists. Old instructions
>> do still exist in torproject wiki history. Reviving them from wiki
>> history will be tedious.
> The directions I used turned a normal Ubuntu 12.04 LTS with two network
> adapters into a tor middle box. It was a long time ago and I don't remember
> how I did it, but I had the torbox url commented in my config next to the
> transproxy option. I looked at the torbox url via internet archive (June
> 2012) but I can't find the directions I used. My iptables don't seem to
> have any entries.

Your best option may be Whonix. If you want physical isolation, you
could run the Whonix gateway on your middle box, and the workstation on
your (lacking a better word) workstation. You can either attempt bare
metal installations, or cheat using VirtualBox.
