Tuesday, 20 November 2007

transocks - transparently torify all tcp connections on the router

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

transocks from Mike Fisk looks pretty cool.

usage:

#!/bin/sh

# start transocks; it accepts the redirected connections on port 1211 and
# hands them to the SOCKS server (tor) it is configured to use
/usr/local/sbin/transocks -p 1211

LOCAL_NET=192.168.0.0/16

# create a new chain 'SOCKSIFY' for it to simplify management
# (flush before deleting: -X refuses a non-empty chain, and both commands
# fail harmlessly on the first run, when the chain does not exist yet)
iptables -t nat -F SOCKSIFY 2>/dev/null
iptables -t nat -X SOCKSIFY 2>/dev/null
iptables -t nat -N SOCKSIFY

# exceptions that are not to be run through tor
iptables -t nat -A SOCKSIFY -o lo -j RETURN
iptables -t nat -A SOCKSIFY --dst 127.0.0.1 -j RETURN
iptables -t nat -A SOCKSIFY --dst $LOCAL_NET -j RETURN

# avoid feedback loops: transocks' own connections must not be redirected
# back into transocks (--cmd-owner was removed from the kernel in 2.6.14;
# on newer kernels run transocks under a dedicated user and match it with
# --uid-owner instead)
iptables -t nat -A SOCKSIFY -m owner --cmd-owner transocks -j RETURN
# if tor runs on this host, its own connections to the relays must bypass
# the chain too, or they would be redirected into transocks in a loop
# (assumes tor runs as user 'debian-tor'; adjust to your installation)
iptables -t nat -A SOCKSIFY -m owner --uid-owner debian-tor -j RETURN

# log every new connection in the SOCKSIFY-chain
iptables -t nat -A SOCKSIFY -p tcp --syn -j LOG --log-level info \
  --log-prefix "SOCKSify "

# send tcp-connections in the SOCKSIFY-chain to transocks
iptables -t nat -A SOCKSIFY -p tcp -j REDIRECT --to-port 1211

# Socksify traffic leaving this host:
iptables -t nat -A OUTPUT -p tcp --syn -j SOCKSIFY

# Socksify traffic routing through this host:
iptables -t nat -A PREROUTING -p tcp -s $LOCAL_NET --syn -j SOCKSIFY

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6cdLAZ+Vq4hPgARAjDTAKCRkUEB5+nz54xId38XWi2RXKckeQCffJ8i
qKTGU+Fk/w56t+UwiGFd1CQ=
=tq8N
-----END PGP SIGNATURE-----
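The LOG rule in the script writes one "SOCKSify " line per redirected connection to the kernel log, which is the easiest place to check that the chain does what the comments say. The following Python audit is an added example, not part of the original post or of transocks: it parses the LOG target's KEY=VALUE lines, counts redirected connections per client, separates the router's own connections (empty IN= field, i.e. the OUTPUT chain) from forwarded ones, and flags any logged connection to a loopback or LAN destination, which the RETURN rules should have let through before the LOG rule was reached. The log lines are constructed for this example; LOCAL_NET and the prefix are the values used in the script.

```python
"""Audit the "SOCKSify " kernel log lines written by the LOG rule in the
transocks script, and flag connections the exception rules should have
let through untouched."""
import ipaddress
import re
from collections import Counter

LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")  # same value as LOCAL_NET in the script
LOG_PREFIX = "SOCKSify "                            # same value as --log-prefix in the script

# Constructed sample lines in the iptables LOG target's KEY=VALUE format;
# written for this example, not captured from a real router.
SAMPLE_LOG = """\
Nov 20 21:14:02 router kernel: SOCKSify IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 21:14:03 router kernel: SOCKSify IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51235 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 21:14:05 router kernel: SOCKSify IN= OUT=eth0 SRC=192.168.0.1 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 21:14:07 router kernel: SOCKSify IN=eth1 OUT=eth0 SRC=192.168.1.22 DST=192.168.2.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=50001 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 21:14:09 router kernel: unrelated message
"""

TOKEN_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the fields of one SOCKSify LOG line as a dict (bare flags such
    as SYN or DF are collected under "FLAGS"), or None for any other line."""
    start = line.find(LOG_PREFIX)
    if start < 0:
        return None
    body = line[start + len(LOG_PREFIX):]
    fields = dict(TOKEN_RE.findall(body))
    fields["FLAGS"] = {tok for tok in body.split() if "=" not in tok}
    return fields


def audit(log_text):
    """Count redirected connections per client and flag the ones that should
    have matched a RETURN rule before reaching the LOG rule."""
    per_source = Counter()
    from_router_itself = 0
    anomalies = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        per_source[str(src)] += 1
        # Locally generated packets (nat OUTPUT chain) carry an empty IN= field.
        if f.get("IN") == "":
            from_router_itself += 1
        # A loopback or LAN destination should have hit the RETURN rules first;
        # seeing it here means an exception rule is missing or out of order.
        if dst.is_loopback or dst in LOCAL_NET:
            anomalies.append({"src": str(src), "dst": str(dst), "dport": f.get("DPT"),
                              "reason": "local destination was logged for redirection"})
        # PREROUTING only jumps to SOCKSIFY for -s LOCAL_NET, so a forwarded
        # connection from any other source should never show up.
        elif f.get("IN") != "" and src not in LOCAL_NET:
            anomalies.append({"src": str(src), "dst": str(dst), "dport": f.get("DPT"),
                              "reason": "forwarded traffic from outside LOCAL_NET was redirected"})
    return {"per_source": per_source,
            "from_router_itself": from_router_itself,
            "anomalies": anomalies}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for client, count in report["per_source"].most_common():
        print(f"{client}: {count} connection(s) sent to transocks")
    print(f"{report['from_router_itself']} of them originated on the router itself")
    for a in report["anomalies"]:
        print(f"ANOMALY {a['src']} -> {a['dst']}:{a['dport']}: {a['reason']}")
```

Run it against the real kernel log (for example the output of `grep SOCKSify /var/log/kern.log`) instead of SAMPLE_LOG; an empty anomaly list is the expected state, and a LAN or loopback destination in the report points at a missing or misordered RETURN rule rather than at a client problem.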
