
How to Set Up a TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over the TOR Network


How To Set Up A TOR Middlebox Routing All VirtualBox ... http://www.howtoforge.com/how-to-set-up-a-tor-middlebo...

1 de 9 05/05/13 02:15


Submitted by chris_dj on Mon, 2012-02-06 18:03. :: Linux | Ubuntu | Security

This tutorial will show you how to reroute all traffic for a virtual machine through the Tor network to ensure anonymity. It assumes a standalone machine with a Linux OS and VirtualBox installed. In this case, we'll be using Ubuntu on the host machine.

Thanks to:
- http://www.tolaris.com/2009/03/05/using-host-networking-and-nat-with-virtualbox/
- https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
- http://www.rootdamnit.eu/2011/12/10/virtualbox-tor-backtrack-aka-how-to-become-almost-invisible/

All commands on the host machine should be run as root (sudo or su).

Step 1 - Add A Bridge Interface For Your Virtual Machine (VM) On The Host Machine (HM)

# apt-get install bridge-utils

Add the following to /etc/network/interfaces:

# VirtualBox NAT bridge
auto vnet0
iface vnet0 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_maxwait 0
    bridge_fd 1
    up iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
    down iptables -t nat -D POSTROUTING -s 172.16.0.0/24 -j MASQUERADE


Start the bridge interface:

# ifup vnet0

Step 2 - Setup DHCP And DNS For Clients

# apt-get install dnsmasq

Edit /etc/dnsmasq.conf to include:

interface=vnet0
dhcp-range=172.16.0.2,172.16.0.254,1h

Start the daemon:

# /etc/init.d/dnsmasq restart

Step 3 - Install And Set Up TOR

Install TOR - INSTRUCTIONS

Edit /etc/tor/torrc and add:

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 172.16.0.1
DNSPort 53
DNSListenAddress 172.16.0.1

Restart TOR:


# /etc/init.d/tor restart

Create and edit middlebox.sh on the HM:

#!/bin/sh

# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24"

# Tor's TransPort
TRANS_PORT="9040"

# your internal interface
INT_IF="vnet0"

iptables -F
iptables -t nat -F

for NET in $NON_TOR; do
 iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done

and run it:

# ./middlebox.sh

Step 4 - Set Up The Virtual Machine On The HM

Open VirtualBox, start the machine. Go to Devices > Network Adapter. Disable all network adapters except Adapter 1.

Set the following options:

Attached to: Bridged Adapter

Name: vnet0

Click OK.

Finally make sure your virtual machine gets its IP address via DHCP, and refresh the DHCP client/reboot the VM. It should have an IP in the range 172.16.0.n, name resolver 172.16.0.1 and gateway 172.16.0.1.
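
The middlebox.sh listing in Step 3 is cut off on this page at the NON_TOR loop. The following is an added example, not the tutorial's own script: it prints a rule set built from the values used above and checks an iptables-save dump for the rules that keep guest traffic inside Tor. The two REDIRECT rules are an assumed completion derived from the torrc settings (TransPort 9040, DNSPort 53 on 172.16.0.1), and the function names middlebox_rules, audit_dump and sample_dump are hypothetical.

```shell
#!/bin/sh
# Added example, not the tutorial's own script. Interface, ports and the
# NON_TOR network are the values used on this page.
INT_IF="vnet0"; TRANS_PORT="9040"; DNS_PORT="53"
NON_TOR="192.168.1.0/24"

# Print the rule set instead of applying it, so it can be reviewed first.
middlebox_rules() {
    echo "iptables -F"
    echo "iptables -t nat -F"
    for NET in $NON_TOR; do
        echo "iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN"
    done
    # Assumed completion: guest DNS to Tor's DNSPort, new TCP to TransPort.
    echo "iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport $DNS_PORT -j REDIRECT --to-ports $DNS_PORT"
    echo "iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT"
    # Remaining guest UDP would bypass Tor; drop it (rule from the comments).
    echo "iptables -A FORWARD -i $INT_IF -p udp -j DROP"
}

# audit_dump FILE: check an iptables-save dump for the three rules that keep
# guest traffic inside Tor. Prints each missing rule; returns 1 if any.
audit_dump() {
    rc=0
    for want in \
        "-A PREROUTING -i $INT_IF -p udp .*--dport $DNS_PORT -j REDIRECT --to-ports $DNS_PORT" \
        "-A PREROUTING -i $INT_IF -p tcp .*SYN -j REDIRECT --to-ports $TRANS_PORT" \
        "-A FORWARD -i $INT_IF -p udp -j DROP"
    do
        grep -Eq -e "$want" "$1" || { echo "MISSING: $want"; rc=1; }
    done
    return $rc
}

# Constructed sample dump: both redirects present, the UDP drop absent.
sample_dump() {
    cat <<EOF
*nat
-A PREROUTING -d 192.168.1.0/24 -i $INT_IF -j RETURN
-A PREROUTING -i $INT_IF -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i $INT_IF -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
}

tmp=$(mktemp); sample_dump > "$tmp"
audit_dump "$tmp" || echo "guest UDP other than DNS would bypass Tor"
rm -f "$tmp"
```

On the host, the same check can be run against the live rules by saving the output of iptables-save to a file and passing that file to audit_dump.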

Copyright © 2012 CDH All Rights Reserved.


Thanks for this tutorial, I
Submitted by Anonymous (not registered) on Tue, 2012-10-16 14:56.

Thanks for this tutorial, I have searched a lot for this but never found it. My problem is, I want to do this on Arch Linux and there doesn't exist the file /etc/network/interfaces or any similar config. So I want to start the bridge manually with:


brctl addbr br0
ifconfig vnet0 172.16.0.1 netmask 255.255.255.0 up
iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -j MASQUERADE

but I can't figure out how to set the other settings like:
auto vnet0
vnet0 inet static
bridge_ports none
bridge_maxwait 0
bridge_fd 1

I hope someone can help me.

Has anyone been able to
Submitted by Anonymous (not registered) on Tue, 2012-05-15 20:34.

Has anyone been able to successfully replicate the steps outlined above? Just curious. I'm unable to connect to any hosts in the Virtual Machine. I can ping the 172.16.*.* address but can't anywhere else. Thought I'd ask.

Re: Has anyone been able to
Submitted by mpd2 (not registered) on Thu, 2012-06-07 15:34.

Yes, this works as of the date of this comment. I had to make an adjustment on my machine (vanilla Ubuntu 12.04) because dnsmasq-base was installed by default: http://ubuntuforums.org/showpost.php?p=12006425&postcount=7.

blocking UDP traffic
Submitted by chris_dj (registered user) on Fri, 2012-03-30 12:02.

You can also block all UDP traffic/leaks from your virtual machine with

iptables -A FORWARD -i $INT_IF -p udp -j DROP

in middlebox.sh (DNS queries continue to be handled by TOR):

#!/bin/sh

# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24"

# Tor's TransPort
TRANS_PORT="9040"

# your internal interface
INT_IF="vnet0"

iptables -F
iptables -t nat -F

for NET in $NON_TOR; do
 iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done


Re: blocking UDP traffic
Submitted by len mccoy (registered user) on Sun, 2012-05-27 23:36.

I have set this up and it seems to be working well. I included chris_dj's extra command in middlebox.sh. Websites like seemyip and others show IP addresses that are not mine.

However, I use a lot of command line requests, and I'm wondering how I could test them for anonymity. Is there an address I could ping that would somehow return my originating IP? Or would it just be reasonable to conclude that since the browsers are anonymous, and since TOR is not installed on the guest OS, only on the host OS, that all traffic from the guest must necessarily be anonymous as well?

Re: Re: blocking UDP traffic
Submitted by Pan Ta (not registered) on Tue, 2012-06-26 19:31.

It works for me -- also including the extra command in middlebox.sh. You can check your IP address at the command line by creating a shell script.

http://ubuntuforums.org/archive/index.php/t-526176.html

I confirmed the same IP addresses from the command line that I get from my browser.

Also, for what it's worth, I'm running through a VPN on my host before I ever start Tor. When I start my guest, everything still works... the IP addresses are always different -- and never reflect my current ISP. If someone discovers a flaw in this, I'd like to hear about it.
