[tor-talk] howto: Raspberry Pi as transparent tor proxy
Sven Wolf
torproject at fusion-zone.net
Sun Oct 28 17:22:51 UTC 2012
Hi all,

here is some information on how I configured my Raspberry Pi as a
transparent Tor proxy for my home network.

Currently, in my opinion, the Raspberry Pi is a cheap and flexible
platform for this task. I thought about using a
dd-wrt based router as a transparent Tor proxy, but there are no current
optware packages for the dd-wrt/openwrt platform and
there is also no final tutorial which describes in detail how to set up
a transparent Tor proxy on the dd-wrt/openwrt platform :(

My configuration is:
- 256 MB Raspberry Pi
- USB wifi adapter TP-Link WL-722N with an external antenna (drivers are
already included in the current Raspbian OS)
- 4 port D-Link USB hub DUB-H4
- Hama power supply
- SanDisk 4 GB SD card
- Raspbian Linux

For other supported hardware please look at:
http://www.elinux.org/RPi_VerifiedPeripherals

For the wireless access point configuration I followed the instructions from:
http://sirlagz.net/2012/08/09/how-to-use-the-raspberry-pi-as-a-wireless-access-pointrouter-part-1/

Here are my steps for the setup. I've installed the following additional
packages:
dnsmasq
dnsutils
hostapd
iw
net-tools
tor
First: create/modify /etc/dnsmasq.conf
interface=wlan0
dhcp-range=10.0.0.2,10.0.0.10,255.255.255.0,24h
dhcp-option=3,10.0.0.1
Second: create/modify /etc/hostap/hostapd
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=<your ssid>
hw_mode=g
channel=<your channel, e.g. 11>
wpa=2
wpa_passphrase=<your passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
For the Tor and iptables configuration I followed the instructions from:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox
I didn't modify /etc/resolv.conf to 127.0.0.1 because I had problems
with the network connection directly on the Raspberry Pi.
E.g. it wasn't possible to download Raspbian packages or to open websites
with lynx.
Third: create/modify /etc/torrc
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 10.0.0.1
DNSPort 53
DNSListenAddress 10.0.0.1
Fourth: create an executable script in /etc/network/if-pre-up.d, e.g.
/etc/network/if-pre-up.d/iptables.sh, with the following content
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.rules
Fifth: enter the iptables ruleset directly on the shell
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
Sixth: create /etc/iptables.rules like this
iptables-save > /etc/iptables.rules

In my opinion there is room for improvement. Maybe someone has
additional ideas or configuration recommendations, e.g. for the firewall.
The missing RTC doesn't seem to be a problem for this configuration. But
there is a tutorial on how to add an RTC to the Raspberry Pi:
http://www.raspberrypi.org/phpBB3/viewtopic.php?f=44&t=16218
Thanks and best regards,
Sven
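
Added example, not part of the original post: a POSIX shell check that the saved ruleset in /etc/iptables.rules agrees with the ports in /etc/torrc, and that traffic the two REDIRECT rules do not catch is not simply forwarded. The function names are hypothetical and the sample ruleset is constructed to match what iptables-save writes for the commands in the fifth step.

```shell
# Added example (not from the original post): cross-check torrc against a saved
# iptables ruleset. Function names are hypothetical; sample data is constructed.
torrc_value() {    # last value set for an option, e.g. torrc_value torrc TransPort
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}
table_lines() {    # lines of one table (nat, filter) from iptables-save output
    awk -v t="*$2" '/^\*/ { on = ($0 == t) } on' "$1"
}

# audit_tor_middlebox <torrc> <rules-file> <lan-iface>
# Prints one finding per line; returns non-zero if any finding is a FAIL.
audit_tor_middlebox() {
    torrc=$1 rules=$2 ifc=$3 rc=0
    trans=$(torrc_value "$torrc" TransPort)
    dns=$(torrc_value "$torrc" DNSPort)
    nat=$(table_lines "$rules" nat)
    filter=$(table_lines "$rules" filter)
    # Client DNS (udp/53) must land on Tor's DNSPort.
    if printf '%s\n' "$nat" | grep -Eq -- "^-A PREROUTING -i $ifc -p udp .*--dport 53 -j REDIRECT --to-ports $dns\$"
    then echo "OK   dns redirect -> $dns"
    else echo "FAIL no udp/53 redirect to DNSPort $dns"; rc=1; fi
    # New client TCP connections (SYN) must land on Tor's TransPort.
    if printf '%s\n' "$nat" | grep -Eq -- "^-A PREROUTING -i $ifc -p tcp .*SYN -j REDIRECT --to-ports $trans\$"
    then echo "OK   tcp redirect -> $trans"
    else echo "FAIL no tcp SYN redirect to TransPort $trans"; rc=1; fi
    # Traffic that is not redirected (other UDP, ICMP) is routed normally; unless
    # FORWARD drops it, it bypasses Tor whenever IP forwarding is enabled.
    if printf '%s\n' "$filter" | grep -Eq -- "^:FORWARD DROP|^-A FORWARD -i $ifc -j (DROP|REJECT)"
    then echo "OK   forwarded traffic from $ifc is dropped"
    else echo "FAIL FORWARD chain accepts traffic from $ifc"; rc=1; fi
    return $rc
}

# Constructed sample: the post's torrc ports and the ruleset its commands save.
demo() {
    d=$(mktemp -d)
    printf 'TransPort 9040\nDNSPort 53\n' > "$d/torrc"
    cat > "$d/rules" <<'EOF'
*nat
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
    audit_tor_middlebox "$d/torrc" "$d/rules" wlan0; r=$?; rm -rf "$d"; return $r
}
demo || echo "ruleset needs attention"
```

On the Pi itself the call would be audit_tor_middlebox /etc/torrc /etc/iptables.rules wlan0, using the file names from the steps above.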