
torrc persistence (tor not responding to socks proxy requests)


Martin Fishkov

Regular Contributor
Hi all,

First, coming from provider maimed router software and seeing Merlin: WOW!
What took me weeks of mucking about to create with my trusty old Raspberry was done in minutes now. Very nice.
However.....
I am failing to get TOR to work as a socks proxy (I get it to work for all clients, but I only want to use TOR sometimes...). So I thought I'd add a few lines to torrc (after I finally found it in /tmp). However, it gets overridden, and I can't use the cool /jffs/configs/torrc.add trick: torrc isn't in the original firmware. So, where / how do I change the torrc file?
(and, while I'm here, why isn't it responding to socks proxy requests??)

Thanks!
 
first disable tor in web gui
save your torrc config in /jffs/configs/torrc
add to /jffs/scripts/firewall-start
"tor -f /jffs/configs/torrc"
add port opening if you want to participate in the routing network (no exit ports needed)
 
Thanks- Awesome!

Say, hope you don't mind me asking another one: do you know if it is possible to only route traffic from a specific wifi network through TOR? Now it kinda seems all-or-nothing. (btw- I couldn't get this to work reliably in OpenWRT either, so it may not be possible...)
I'd like to create an open guest network that routes through TOR...
 
late reply - i don't know if you still need this info but here it is:
i've already done this (guest wifi via tor):
you just need to redirect traffic via iptables - tcp via tor port and udp to tor dns:

Code:
iptables -t nat -I PREROUTING -i br-LAN_guest -p udp --dport 53 -j REDIRECT --to-ports 5300
iptables -t nat -I PREROUTING -i br-LAN_guest -p tcp --syn -j REDIRECT --to-ports 9040
 
Hey Maurer, thanks again! Still relevant and useful.
I was looking at iptables but can't find details on the interface names I can use. Any idea where this is documented? (I may want to do the same trick on all traffic that comes in through LAN port 1)

[edit]
oh- wait- can't find an /etc/config/network, but there is
nvram show|grep ifname
Got it. I hope.
[/edit][edit2]
Hmmm, guess I will have to experiment which is which. (and hope I do not lock myself out?)

me@myrouter:# nvram show|grep ifname
printer_ifname=usb
wan0_gw_ifname=eth0
wan1_pppoe_ifname=
wan0_ifname=eth0
wl0_ifname=eth1
size: 54076 bytes (11460 left)
wan0_pppoe_ifname=
wl0_vifnames=wl0.1 wl0.2 wl0.3
wl1_vifnames=wl1.1 wl1.2 wl1.3
wan1_ifname=
wl1_ifname=eth2
dpsta_ifnames=
wl0.1_ifname=wl0.1
wl1.1_ifname=wl1.1
lan_ifnames=vlan1 eth1 eth2 wl0.1
wan_ifnames=eth0
wl0.2_ifname=wl0.2
wl1.2_ifname=wl1.2
wl_ifnames=eth1 eth2
lan_ifname=br0
wl_vifnames=wl0.1 wl0.2 wl0.3
wl_ifname=eth1
wl0.3_ifname=wl0.3
wl1.3_ifname=wl1.3
acs_ifnames=eth1 eth2
vpnc_pppoe_ifname=ppp5
[/edit2]
 
Hmmm, adding the iptables lines to the nat-start script in jffs seems to break my vpn
(To test remotely I am using an OpenVPN connection to tinker)
I simply replaced br-LAN_guest with tunxx, where tunxx is the ifname of the vpn. There is a result, but not what I'd hoped: it seems dns is no longer working :( Am I missing something?

Edit: also using wl0.1 as ifname doesn't work: hosts don't get resolved anymore, and even ip address urls aren't opened. Definitely missing something. o_O
 
you actually need to replace br-LAN_guest by wl0.1 (guest network)
Are you sure you're running tor DNSPort on 5300, like the iptables commands state, to be able to resolve addresses, and TransPort on 9040?
Is your tor running successfully?
you can send me a pm for a faster reply
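
A check for the two questions in the last reply, as an added example that is not part of the thread: it reads a torrc and reports whether TransPort 9040 and DNSPort 5300 are bound where the REDIRECT rules deliver traffic. REDIRECT in PREROUTING rewrites the destination to the incoming interface's primary address, and a bare port in torrc binds to 127.0.0.1, so matching port numbers alone are not enough. The function names and the 192.168.1.1 router address are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Ports 9040/5300 come from the iptables
# rules above; the router address 192.168.1.1 is a constructed sample value.

# listeners_for OPTION FILE: print "addr:port" for each OPTION line in a torrc.
# torrc syntax is "OPTION [address:]port [flags]"; a bare port binds 127.0.0.1.
listeners_for() {
    awk -v opt="$1" '
        tolower($1) == tolower(opt) {
            v = $2
            if (v !~ /:/) v = "127.0.0.1:" v
            print v
        }' "$2"
}

# reachable OPTION PORT FILE IP: succeed if OPTION listens on PORT and is bound
# to 0.0.0.0 or to IP (the address REDIRECT rewrites the destination to).
reachable() {
    for l in $(listeners_for "$1" "$3"); do
        addr=${l%:*}
        port=${l##*:}
        [ "$port" = "$2" ] || continue
        case "$addr" in
            0.0.0.0|"$4") return 0 ;;
        esac
    done
    return 1
}

# check_torrc FILE IP: report each redirect target Tor would not answer on.
check_torrc() {
    rc=0
    reachable TransPort 9040 "$1" "$2" || { echo "TransPort 9040 not reachable on $2"; rc=1; }
    reachable DNSPort 5300 "$1" "$2" || { echo "DNSPort 5300 not reachable on $2"; rc=1; }
    return $rc
}

# Constructed sample torrc: bare ports, so Tor listens on loopback only.
sample=$(mktemp)
printf 'SocksPort 9050\nTransPort 9040\nDNSPort 5300\n' > "$sample"
check_torrc "$sample" 192.168.1.1 || echo "bind both ports to the router address"
rm -f "$sample"
```

On the router, pass the torrc actually in use and the address of the interface named in the iptables rules.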
 
