I feel that I should explain something before I start asking any questions, so here we go: I'm a fresh convert to Linux (barely a few weeks on Ubuntu!) and as much as I'm fascinated by matters relating to networking, security and anonymity, in equal measure I'm intimidated by them. I don't possess any deep knowledge of those topics; I can still barely handle the basics. But with the wealth of knowledge out there and a healthy dose of experimentation I intend to change this. So if my questions are naive (or plainly stupid), please bear in mind that I'm new here.

And now for what is bothering me... I was reading Transparently Routing Traffic Through Tor <https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy> and although I don't need to run Tor as a transparent proxy, I like the idea of routing the UDP/DNS requests to localhost. If I reroute all those requests with iptables to the port on which Tor is listening, I should have no problems with DNS leaking, right? That should do the trick then:

1. torrc

   DNSPort 53
   DNSListenAddress 127.0.0.1

2. resolv.conf

   nameserver 127.0.0.1

3. iptables

   iptables -t nat -A OUTPUT -o lo -j RETURN
   iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
   iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
   iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
   iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
   iptables -A OUTPUT -j REJECT

I'm not an expert regarding iptables and 'man iptables' is *very* frightening for someone who barely scratches the surface of all this. From step three above I sort of understand the purpose of rules three and four, but the rest of them... Are they needed in this example or can they be safely omitted? If in fact they are required for this set-up to work, what is their purpose? I will of course replace $INT_IF and $TOR_UID with the required values.
-- Tomasz Moskal <ramshackle.industries@xxxxxxxxx> Encrypted mail preferred. Key ID: 2C323C82
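Editor's note, with an added example that is not part of the mail above or of the Tor wiki page it links to. The question asks what rules one, two and five to seven in step three are for. iptables evaluates a chain top to bottom and the first matching rule decides, so the quickest way to see what each rule contributes is to walk a few locally generated packets through the two OUTPUT chains exactly as written (the PREROUTING rule is left out; it only sees traffic arriving from other hosts on $INT_IF). The model below does that for constructed sample traffic. The uids (109 for $TOR_UID, 1000 for the user), the relay address and the resolver addresses are assumptions, and the model ignores that the nat table only sees the first packet of a connection, which does not change any verdict here. Three things it shows: the two RETURN rules keep loopback traffic and Tor's own traffic out of the REDIRECT; the REDIRECT only catches UDP to port 53, so it is the final REJECT (with the ESTABLISHED,RELATED and Tor-uid ACCEPTs in front of it) that actually stops a TCP/53 lookup or any other non-Tor connection from leaving; and, as posted, a resolver query from a normal user is NEW and not owned by Tor, so whether it is redirected to 127.0.0.1:53 or sent there directly because of `nameserver 127.0.0.1`, the filter chain rejects it. A loopback accept ahead of the REJECT (for example `iptables -A OUTPUT -o lo -j ACCEPT`, my suggestion, not in the post) lets the local query through while leaving the fail-closed behaviour for everything else intact.

```python
"""
First-match model of the two OUTPUT chains from the post: nat OUTPUT (rules
one to three) and filter OUTPUT (rules five to seven). Example code written
for this archive, not part of the original mail or the Tor wiki.
"""
from dataclasses import dataclass, replace

TOR_UID = 109     # assumed value for $TOR_UID (uid the tor daemon runs as)
USER_UID = 1000   # assumed uid of an ordinary desktop user


@dataclass
class Packet:
    uid: int          # owner of the originating socket (-m owner --uid-owner)
    proto: str        # "udp" or "tcp"
    dst: str
    dport: int
    out_iface: str    # interface the packet would leave on (-o)
    state: str        # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


def rule(target, **match):
    """One iptables rule: field -> wanted value (or set of values), plus a target."""
    return (match, target)


# -t nat -A OUTPUT ..., in the poster's order. ("REDIRECT", 53) = --to-ports 53.
NAT_OUTPUT = [
    rule("RETURN", out_iface="lo"),                    # -o lo -j RETURN
    rule("RETURN", uid=TOR_UID),                       # --uid-owner $TOR_UID -j RETURN
    rule(("REDIRECT", 53), proto="udp", dport=53),     # -p udp --dport 53 -j REDIRECT
]

# -A OUTPUT ... (filter table), in the poster's order.
FILTER_OUTPUT = [
    rule("ACCEPT", state={"ESTABLISHED", "RELATED"}),  # -m state --state ESTABLISHED,RELATED
    rule("ACCEPT", uid=TOR_UID),                       # --uid-owner $TOR_UID -j ACCEPT
    rule("REJECT"),                                    # -j REJECT: matches everything left
]

# Same filter chain with a loopback accept in front of the REJECT (my suggestion,
# not in the post), so queries delivered locally to 127.0.0.1 are not rejected.
FILTER_OUTPUT_WITH_LO = [rule("ACCEPT", out_iface="lo")] + FILTER_OUTPUT


def matches(match, pkt):
    for field, want in match.items():
        have = getattr(pkt, field)
        if isinstance(want, set):
            if have not in want:
                return False
        elif have != want:
            return False
    return True


def first_match(chain, pkt, policy="ACCEPT"):
    """iptables semantics: the first matching rule decides, else the chain policy."""
    for match, target in chain:
        if matches(match, pkt):
            return target
    return policy


def traverse(pkt, nat=NAT_OUTPUT, filt=FILTER_OUTPUT):
    """Run a locally generated packet through nat OUTPUT, then filter OUTPUT.

    Returns (verdict, packet as the filter chain saw it). RETURN in a built-in
    chain only ends traversal with the chain policy (ACCEPT here), i.e. no NAT.
    """
    target = first_match(nat, pkt)
    if isinstance(target, tuple) and target[0] == "REDIRECT":
        # REDIRECT on locally generated traffic rewrites the destination to
        # 127.0.0.1:<to-port>; after re-routing the packet leaves on lo.
        pkt = replace(pkt, dst="127.0.0.1", dport=target[1], out_iface="lo")
    return first_match(filt, pkt), pkt


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real host.
    samples = {
        "user UDP DNS to 8.8.8.8 (resolv.conf unchanged)": Packet(USER_UID, "udp", "8.8.8.8", 53, "eth0", "NEW"),
        "user UDP DNS to 127.0.0.1 (nameserver 127.0.0.1)": Packet(USER_UID, "udp", "127.0.0.1", 53, "lo", "NEW"),
        "user TCP DNS to 8.8.8.8 (not caught by UDP rule)": Packet(USER_UID, "tcp", "8.8.8.8", 53, "eth0", "NEW"),
        "tor daemon connecting to a relay": Packet(TOR_UID, "tcp", "198.51.100.7", 9001, "eth0", "NEW"),
    }
    for name, pkt in samples.items():
        for label, chain in (("as posted", FILTER_OUTPUT), ("with lo accept", FILTER_OUTPUT_WITH_LO)):
            verdict, seen = traverse(pkt, filt=chain)
            print(f"{name:50} {label:15} -> {verdict:7} (dst {seen.dst}:{seen.dport} via {seen.out_iface})")
```

Running the script prints one line per sample and chain variant; the TCP/53 case stays REJECT in both variants, which is the rule set behaving fail-closed rather than leaking a lookup that the UDP-only REDIRECT never saw.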