
refs/heads/master:/transproxy
 # tor transparent proxy setup

 This is used to let all the machines on my LAN (21.41.41.0/24) have access to tor without needing to run tor on each machine.
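 It hasn't been checked for leaks: going by the rules below, only TCP to the VirtualAddrNetworks is redirected into tor, and only .onion and .exit lookups are forwarded to tor's DNSPort. Anyone on anonet can probably also use it if they set a route for the VirtualAddrNetworks.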
 If you're reading this I'm assuming you mostly already know what you're doing.
 These config files live on enzo.whois.ano which is an x86 netbook with a broken screen.
 It is configured with two IPs in my anonet range: host numbers 2 and 5.
 I configure IPv4 and IPv6 to use the same host numbers
 so unbound can use one, and knot can use the other.

 ## /etc/tor/torrc
 ```
 # Address ranges tor hands out as stand-ins for automapped hostnames; the
 # REDIRECT rules in the iptables/ip6tables files match these same two ranges.
 VirtualAddrNetworkIPv4 100.64.0.0/10
 VirtualAddrNetworkIPv6 fd63:1e39:6f73:2929:ffff::/80
 # Transparent-proxy listener on port 9040, bound to every IPv4 and IPv6
 # address on the host rather than only the LAN-facing one.
 # NOTE(review): no filter rules for port 9040 appear on this page; confirm
 # which networks are meant to reach it.
 TransPort 0.0.0.0:9040
 TransPort [::]:9040
 # "." matches every hostname, not only .onion names.
 # NOTE(review): handing out mapped addresses on DNSPort normally also needs
 # AutomapHostsOnResolve 1, which is not shown here; confirm it is set.
 AutomapHostsSuffixes .
 # DNS listener on 21.41.41.2 port 9053; the unbound forward-zones point here.
 DNSPort 21.41.41.2:9053
 ```

 ## /etc/unbound/unbound.conf
 ```
 server:
         # Skip DNSSEC validation for these two names; they are answered by
         # tor's DNSPort (see the forward-zones below), not by the public DNS.
         domain-insecure: "onion"
         domain-insecure: "exit"
         # nodefault drops any built-in local-zone contents for the name, so
         # queries fall through to the forward-zones instead of being answered
         # locally.
         local-zone: "onion" nodefault
         local-zone: "exit" nodefault

 # Forward exit lookups to 21.41.41.2 port 9053, the DNSPort set in torrc.
 forward-zone:
         name: "exit"
         forward-addr: 21.41.41.2@9053

 # Forward onion lookups to the same tor DNSPort.
 # NOTE(review): only these two names are forwarded in this excerpt; every
 # other name is resolved by whatever the rest of unbound.conf specifies and,
 # as far as this page shows, does not go through tor.
 forward-zone:
         name: "onion"
         forward-addr: 21.41.41.2@9053
 ```

 ## /etc/iptables.up.rules
 ```
 # REDIRECT is a nat-table target; the *nat header and COMMIT line that
 # iptables-restore expects are not shown here (presumably an excerpt).
 # TCP arriving on enp1s0 for tor's IPv4 virtual range is sent to the local
 # TransPort (9040). Only TCP is matched; other protocols are left alone.
 -A PREROUTING -d 100.64.0.0/10 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
 # Same redirect for connections this host makes itself.
 -A OUTPUT -d 100.64.0.0/10 -p tcp -j REDIRECT --to-ports 9040
 ```

 ## /etc/ip6tables.up.rules
 ```
 # IPv6 counterpart of the IPv4 rules: REDIRECT is a nat-table target, and the
 # *nat header and COMMIT line are not shown here (presumably an excerpt).
 # TCP arriving on enp1s0 for tor's IPv6 virtual range is sent to the local
 # TransPort (9040). Only TCP is matched; other protocols are left alone.
 -A PREROUTING -d fd63:1e39:6f73:2929:ffff::/80 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
 # Same redirect for connections this host makes itself.
 -A OUTPUT -d fd63:1e39:6f73:2929:ffff::/80 -p tcp -j REDIRECT --to-ports 9040
 ```

 ### /etc/network/if-up.d/iptables
 ```
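 #!/bin/sh
 # Reload the saved IPv4 and IPv6 rule sets. Installed under
 # /etc/network/if-up.d/, so presumably run when an interface comes up.
 /sbin/iptables-restore < /etc/iptables.up.rules
 # Fixed typo: this line called "ip6tables-restory", which is not a command,
 # so as written the IPv6 redirect rules would not have been loaded.
 /sbin/ip6tables-restore < /etc/ip6tables.up.rules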
 ```
