Running Tor as Transparent Proxy
I am a member!
Has anyone in the community attempted this and succeeded? I was following documentation from the Tor project to achieve this, but it does not seem to work [1]. If I add the configuration settings into torrc (I'm changing the one included in TBB) then I cannot get TBB to connect. It exits stating something about a bad configuration file. If I change the iptables configuration, and not torrc then it simply gets stuck trying to get a connection. If I change both and then run, I get the same thing as the first case. I'm not using ethernet, but instead wireless by the way. Any ideas?
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
As far as I understand, the "Tor Browser Bundle" bundles Tor. If you install Tor, you need no TBB.
I am a member!
Thanks for the reply Magic Banana. I am using the Tor that is included in TBB. I have not installed Tor from another source.
But the documentation you link to requires Tor, not the Tor Browser Bundle. At least, that is what I understand (any Tor user around here?).
The Tor Browser Bundle includes Tor, so it's probably better than using the older Tor in the repos. The actual tor binary is at Tor/tor in TBB,
Don't mind Magic Banana. Most of the time the guy doesn't have the slightest idea. What's better, is that he does not use the apps he is talking about in his replies. Of course, that does not stop him from having lots and lots of oppinions.
DO NOT USE THE REPOS.
Unless they are from the Tor project.
They are OUTDATES. Worse, a lot of bad things have happened lately. I have read they want to upgrade the Debian repositories, but there was nothing about Ubuntu.
The way you go with TBB is the right way.
What you are trying to do is quite risky, because lots (most?) apps tend to be very verbose. Worse. App developers don't know too much about networking and don't care too much about security. Some time in highschool everybody found out about how nice is to gather data, they call them statistics, about the user. So too much info over an unsecured channel spells inviting trouble. Some years ago there were talks about how an exit node gathered users and passwords even from American embassies. Scarry stuff.
About your problem: remember that if you configure the torrc for another port, torbrowser should be configured for that port as well. Otherwise, tor starts, tor browser can't connect, torbrowser fails and closes, tor closes as well.
Give me more information about what you want to do and what fails. Or go straight to the [tor-talk] or the Tor helpdesk. The Wiki is mostly outdated, but I can't say this particular page is new or old.
Cheers!
I am a member!
Using the Tor included in TBB does not seem like a good idea. Once I changed settings on torrc, it began to look for files and directories that are expected in a full installation of Tor (.tor in home directory for example). Perhaps with symlinks it would be possible to get it to a usable state, but it might be prone to break.
As to the part about Tor Browser, it is not relevant. The idea is to make Tor transparent to every program. This way the program does not necessarily have to be SOCKS enabled to use Tor. Yes, I am aware that many programs could send sensitive information. This is a very stripped down box, so I'm not too worried about that.
I installed the version of Tor in the Trisquel repos just to experiment. It is unable to understand the setting "VirtualAddrNetworkIPv4" but "VirtualAddrNetwork" works. I was unable to get this to work with the sample rules provided on the wiki. The transproxy.firewall.sh script by isislovecruft does work however. It seems it should support multiple users, but no matter how I've tried I've been unable to get that working either. Also of note is that if I run it with just "root" as user, no program that I open from terminal using sudo is able to connect to the Internet. If, however, I give my user account access, using sudo results in the programs having Internet access. What does sudo do exactly?
If running NetworkManager, it is necessary to specify 127.0.0.1 as DNS right in the configuration here. It seems like NetworkManager ignores resolv.conf.
Also worth noting, that I have to restart Tor every time after booting up, otherwise I'm unable to connect after adding the iptables rules.
I'll look through that script to see if I can figure out how come it works and the sample rules on that wiki do not.
There is no «full installation» of Tor. Tor can be «portable». Or not. Myself I don't need anything more and I'm up to date.
For what you describe there, you should take a look at Wonix.
And remember: always go for the latest version. Always check the signatures.