Delivery-Date: Thu, 11 Feb 2016 03:10:36 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7D9C21E0F9E;
	Thu, 11 Feb 2016 03:10:34 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id BAE4A391A1;
	Thu, 11 Feb 2016 08:10:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EEEBE38FA1
 for <tor-talk@lists.torproject.org>; Thu, 11 Feb 2016 08:10:25 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id oKy17u3RuAWx for <tor-talk@lists.torproject.org>;
 Thu, 11 Feb 2016 08:10:25 +0000 (UTC)
Received: from server500gb.chello.at (212-186-47-25.cable.dynamic.surfer.at
 [212.186.47.25])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id B64F638D38
 for <tor-talk@lists.torproject.org>; Thu, 11 Feb 2016 08:10:25 +0000 (UTC)
Received: from 127.0.0.1
 by server500gb.chello.at with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim latest) (envelope-from <elrippo@elrippoisland.net>)
 id 1aTmKM-00017H-P3; Thu, 11 Feb 2016 09:10:19 +0100
From: elrippo <elrippo@elrippoisland.net>
To: tor-talk@lists.torproject.org
Date: Thu, 11 Feb 2016 09:10:05 +0100
Message-ID: <2509922.UJTNnzZZWy@zwergal-hp-pavilion-g6-notebook-pc>
In-Reply-To: <56BC40EA.6050500@bitmessage.ch>
References: <56BC40EA.6050500@bitmessage.ch>
MIME-Version: 1.0
X-SA-Exim-Mail-From: elrippo@elrippoisland.net
X-SA-Exim-Version: 4.2.1 (built Sun, 08 Jan 2012 03:05:19 +0000)
X-SA-Exim-Scanned: Yes (on server500gb.chello.at)
X-Elrippo-NOT-TRUSTED-Header: This is a verfication,
 that your message is handled by
 server500gb.chello.at
Subject: Re: [tor-talk] Isolating transparent proxy
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0719854935131128598=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============0719854935131128598==
Content-Type: multipart/signed; boundary="nextPart1728391.Sfdz0TpspG"; micalg="pgp-sha1"; protocol="application/pgp-signature"


--nextPart1728391.Sfdz0TpspG
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

Try [1]this one :D

[1] https://elrippoisland.net/public/how_to/anonymity.html

Kind regards,
elrippo

On Donnerstag, 11. Februar 2016, 08:06:02 onionsalad wrote:
> Hello there,
>=20
> I'm trying to set up a "isolating transparent proxy" a la Whonix,
> where there are a gateway node and a workstation node.
>=20
>=20
> Connected to the internet
>  |
>  | eth0 -- 192.168.27.x
> +-------------------------------+
> | Gateway node                  |
> | Tor client                    |
> | * DNSPort 192.168.42.1:53     |
> | * TransPort 192.168.42.1:9040 |
> | * SocksPort 192.168.42.1:9050 |
> +-------------------------------+
>  | eth1 -- 192.168.42.1
>  |
>  | eth0 -- 192.168.42.x
> +---------------------------------------------------+
> | Workstation node                                  |
> |                                                   |
> | resolv.conf -> 192.168.42.1                       |
> | IPv6 -> no routes                                 |
> | IPv4 -> to 192.168.42.0/24 via eth0, gateway none |
> +---------------------------------------------------+
>=20
> Currently,
> * `dig check.torproject.org` on Workstation works.
> * `torsocks curl https://check.torproject.org/` works and properly
> anonymized, of course.
> * No non-tor traffic can go out from Workstation. No transparent prox=
y
> means no internet connection, rather than leaks.
>=20
> Now, I need to allow 'normal' traffic to work using a transparent
> proxy, on Workstation, because some programs don't support a proxy (o=
f
> any kind) at all. This is not a desktop setup, and stream isolation i=
s
> not critical here.
> There are tutorials on transparent proxying online, but not for remot=
e
> TransPort one. What kind of iptables rules do I need to make this wor=
k?
> There should be instructions to do so online. I searched through
> trac.torproject.org, whonix.org and whonix Github, but I found nothin=
g.
>=20
> What should happen (on Workstaion):
> Try to connect to TCP check.torproject.org:443
> -> Linux captures with iptables
> -> forwarded to 192.168.42.1:9040 (TransPort)
>=20
> Can anyone help me?
>=20
> Thanks,
> onionsalad
>=20
>=20

=2D-=20
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elrippo@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644

=2D----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd
BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb
UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+
B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5
Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R
9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs
e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9
jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h
q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z
+rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI
KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB
tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs
cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7
uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd
U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW
oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s
IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb
BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI
kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/
axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM
XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi
dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ
qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU
1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY
s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz
f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc
ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich
O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt
7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5
KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB
FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN
LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv
5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ
MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos
UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC
AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo
N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L
WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs
9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj
1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW
r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU
3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T
An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr
9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN
OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF
Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN
/VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ
6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8
6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL
u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1
wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW
MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz
+v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku
E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9
8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5
GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP
p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE=3D
=3DotlL
=2D----END PGP PUBLIC KEY BLOCK-----

--nextPart1728391.Sfdz0TpspG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAABAgAGBQJWvEHdAAoJECRD3evZUNHr1ecP/1qLxxrxRaIzmDbVRJTD0hvf
kGE7djR8ui1AbzfKB1eAccRM3UMp0ydi8aSLycdzgWNdtjERJA9J1q6XxMtgwUeU
xsYTlfYrQfqPhWoi/Ezanba5dPztUBCPGTXhBar9SLurWOsn+inoI96tKO1lvLXU
3c5NjY+SKazFBjRwN7ifZIpiMHUmMLg3cql15pHtjRioF0kxfJ0lO2ves6Q3ao0u
U/zCZXWnMx09KUY1Glw3GveXLNbaPcWzwH9FKpjNiNVc24oEe2zcPpjXnrpwLc4t
69j+dx4eIuSx1XebcyiuPt9LHac9+SfoTq4DbMjsAVw+gqSs/BAaNk655W4eQPHy
7Ygs77izcB6r14EGBBY+w0pycgWV1ITl8PZLIcHc3B6Cw6VcJopEbE8vOY/G34s9
jfclMG109hdl/NVq78wx8W7xPcLKAv5FPpjJmYBBXE3yT1r9G36PR3n+nA0F3Xmu
Din2hapqTxUVGtgi8Tkw2XdFRgtVHXHv/UMCpY/8qKwyAs0x+ESRLxBYuiR+l5Y0
+P9uU2WnAFEtbet+InmFxWmzY4wgwCwTC1rII7fEWUpsNMUzexrWC8qTm4GA1L+j
57GXfQxVWZegpeWFXtMDcCB4caVfhOg+BP3FftSjg0hxpCTV7D2WK/VHKEU69or0
Tu1XDf2BUboUcqwSC3cq
=bLqj
-----END PGP SIGNATURE-----

--nextPart1728391.Sfdz0TpspG--


--===============0719854935131128598==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0719854935131128598==--

