torrc persistence (tor not responding to socks proxy requests)

[Martin Fishkov]

Hi all,

First, coming from provider maimed router software and seeing Merlin: WOW!
What took me weeks of mucking about to create with my trusty old Raspberry was done in minutes now. Very nice.
However.....
I am failing to get TOR to work as a socks proxy (I get it to work for all clients, but I only want to use TOR sometimes...) So I thought I'd add a few lines to torrc (after I finally found it in /tmp) However- it gets overridden, and I can't use the cool /jffs/configs/torrc.add trick- torrc isn't in the original; formware.. So, where / how to I change the torrc file?
(and, while I'm here, why isn't it responding to socks proxy requests??)

Thanks!

 

[maurer]

first disable tor in web gui
save your torrc config in /jffs/configs/torrc
add to /jffs/scripts/firewall-start
"tor -f /jffs/configs/torrc"
add port opening if you want to participate in the routing network (no exit ports needed)

 

[Martin Fishkov]

Thanks- Awesome!

Say, hope you don't mind me asking another one: do you know if it is possible to only route traffic from a specific wifi network through TOR? Now it kinda seems all-or-nothing. (btw- I couldn't get this to work reliably in OpenWRT either, so it may not be possible...)
I'd like to create an open guest network that routes through TOR...

 

[maurer]

late reply - i don't know if you still need this info but here it is:
i've already done this (guest wifi via tor):
you just need to redirect traffic via iptables - tcp via tor port and udp to tor dns:

iptables -t nat -I PREROUTING -i br-LAN_guest -p udp --dport 53 -j REDIRECT --to-ports 5300
iptables -t nat -I PREROUTING -i br-LAN_guest -p tcp --syn -j REDIRECT --to-ports 9040

 

[Martin Fishkov]

Hey Maurer, thanks again! Still relevant and useful.
I was looking at iptables but can't find details on the interface names I can use. Any idea where this is documented? (I may want to do the same trick on all traffic that comes in through LAN port 1)

[edit]
oh- wait- can't find an /etc/config/network, but there is
nvram show|grep ifname
Got it. I hope.
[/edit][edit2]
Hmmm, guess I will have to experiment which is which. (and hope I do noit lock myself out?)

me@myrouter:# nvram show|grep ifname
printer_ifname=usb
wan0_gw_ifname=eth0
wan1_pppoe_ifname=
wan0_ifname=eth0
wl0_ifname=eth1
size: 54076 bytes (11460 left)
wan0_pppoe_ifname=
wl0_vifnames=wl0.1 wl0.2 wl0.3
wl1_vifnames=wl1.1 wl1.2 wl1.3
wan1_ifname=
wl1_ifname=eth2
dpsta_ifnames=
wl0.1_ifname=wl0.1
wl1.1_ifname=wl1.1
lan_ifnames=vlan1 eth1 eth2 wl0.1
wan_ifnames=eth0
wl0.2_ifname=wl0.2
wl1.2_ifname=wl1.2
wl_ifnames=eth1 eth2
lan_ifname=br0
wl_vifnames=wl0.1 wl0.2 wl0.3
wl_ifname=eth1
wl0.3_ifname=wl0.3
wl1.3_ifname=wl1.3
acs_ifnames=eth1 eth2
vpnc_pppoe_ifname=ppp5
[/edit2]

 

[Martin Fishkov]

Hmmm, adding the iptables lines to the nat-start script in jffs seems to break my vpn
(To test remotely I am using an OpenVPN connection to tinker)
I simply replaced br-LAN_guest with tunxx, where tunxx is the ifname of the vpn. There is a result, but not what I'd hoped: it seems dns is no longer working Am I missing something?

Edit: also using wl0.1 as ifname doesn't work- hosts don't get resolved anymore, and even ip address urls aren't opened. Definately missing something.

 

[maurer]

you actually need to replace br-LAN_guest by wl0.1 (quest network)
Are you sure you;re running tor DNSPort on 5300 like the iptables commands states to be able to resolve addreses and TransPort on 9040 ?
Is your tor running successfully ?
you can send me a pm for a faster reply