refs/heads/master:/transproxy

# tor transparent proxy setup

This is used to let all the machines on my LAN (21.41.41.0/24) have access to tor without needing to run tor on each machine. It hasn't been checked for leaks. Only names under onion and exit are forwarded to tor's DNSPort, and only TCP to the automapped VirtualAddrNetwork ranges is redirected to the TransPort, so everything else leaves the LAN without going through tor. Anyone on anonet can probably also use it if they set a route for the VirtualAddrNetworks.

If you're reading this, I'm assuming you mostly already know what you're doing.

These config files live on enzo.whois.ano, which is an x86 netbook with a broken screen. It is configured with two IPs in my anonet range: host numbers 2 and 5. I configure IPv4 and IPv6 to use the same host numbers so unbound can use one and knot can use the other.

## /etc/tor/torrc

```
VirtualAddrNetworkIPv4 100.64.0.0/10
VirtualAddrNetworkIPv6 fd63:1e39:6f73:2929:ffff::/80
TransPort 0.0.0.0:9040
TransPort [::]:9040
AutomapHostsSuffixes .
DNSPort 21.41.41.2:9053
```

## /etc/unbound/unbound.conf

```
server:
    domain-insecure: "onion"
    domain-insecure: "exit"
    local-zone: "onion" nodefault
    local-zone: "exit" nodefault

forward-zone:
    name: "exit"
    forward-addr: 21.41.41.2@9053

forward-zone:
    name: "onion"
    forward-addr: 21.41.41.2@9053
```

## /etc/iptables.up.rules

Only the rules themselves are shown here. REDIRECT is a nat-table target, so in a file fed to iptables-restore they need to sit in the `*nat` section, before its `COMMIT`. The same applies to the ip6tables rules below.

```
-A PREROUTING -d 100.64.0.0/10 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d 100.64.0.0/10 -p tcp -j REDIRECT --to-ports 9040
```

## /etc/ip6tables.up.rules

```
-A PREROUTING -d fd63:1e39:6f73:2929:ffff::/80 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d fd63:1e39:6f73:2929:ffff::/80 -p tcp -j REDIRECT --to-ports 9040
```

### /etc/network/if-up.d/iptables

```
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
/sbin/ip6tables-restore < /etc/ip6tables.up.rules
```