I'm not an advanced user, more like a hobbyist when we're talking about gadgets, Linux etc., so I bought a USB Armory, and some of the things I had no problem setting up, but when it came to setting up the Tor Anonymizing Middlebox, I got really stuck with the whole IP address thing. I need help to properly set up Tor, with the correct IP addresses. As I mentioned, I'm not quite good with networking, and I can't wrap my head around it. So, if you could point out what the right setup and IPs should be, I'd be grateful.
This is what ip route shows:
192.168.2.0/24 dev usb0 proto kernel scope link src 192.168.2.100
According to Inversepath's documentation on GitHub, I had to set the USB interface to the IP 10.0.0.2 with the subnet mask 255.255.255.0, then enable internet sharing. And in /etc/network/interfaces the setup should be:
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 10.0.0.2
netmask 255.255.255.0
gateway 10.0.0.1
I had to change it to:
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 192.168.2.100
netmask 255.255.255.0
gateway 192.168.2.1
to be able to connect to the internet.
When it comes to setting up Tor, this is what it should look like:
/etc/tor/torrc
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
# Transparent proxy
TransPort 9040
TransListenAddress 127.0.0.1
TransListenAddress 10.0.0.1
# DNS
DNSPort 53
DNSListenAddress 127.0.0.1
DNSListenAddress 10.0.0.1
Create the iptables script in /etc/iptables.sh with:
#!/bin/sh
### set variables
#destinations you don't want routed through Tor
_non_tor="10.0.0.0/24"
#the UID that Tor runs as (varies from system to system)
_tor_uid="104"
#Tor's TransPort
_trans_port="9040"
#your internal interface
_int_if="usb0"
### flush iptables
iptables -F
iptables -t nat -F
### set iptables *nat
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor; do
iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
done
#redirect all other pre-routing and output to Tor
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
iptables -A OUTPUT -d $_clearnet -j ACCEPT
done
#allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT
Then define the "rt_usbarmory" routing table identifier in /etc/iproute2/rt_tables:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 rt_usbarmory
And launch:
# ip rule add from 10.0.0.1/32 table rt_usbarmory
# ip route add default via 192.168.1.1 table rt_usbarmory
# ip route del default
# ip route add default via 10.0.0.1
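As an added example, not part of the original post or of the USB armory documentation: a small POSIX shell check that takes the address configured on the internal interface (what ip addr show usb0 reports), the torrc, and the _non_tor value from the iptables script, and reports where they disagree. The function names and the sample torrc it writes to a temporary file are constructed for the example; nothing here touches the live system configuration.

```shell
#!/bin/sh
# Added consistency check (not from the original post or the USB armory docs).
# It verifies that the addresses torrc tells Tor to bind to, and the _non_tor
# clearnet exemption in the iptables script, agree with the address actually
# configured on the internal interface. A Tor told to listen on 10.0.0.1 while
# usb0 carries 192.168.2.100 cannot bind that address, and an exemption for the
# wrong subnet sends the host's own SSH session to the middlebox into TransPort.
# All inputs below are constructed for the example.

ip2int() {                      # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/PLEN -> true when ADDR lies inside NET/PLEN
in_subnet() {
  net=${2%/*}; plen=${2#*/}
  mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# check_middlebox IFACE_ADDR/PLEN TORRC NON_TOR
#   IFACE_ADDR/PLEN : the internal interface's address, e.g. 192.168.2.100/24
#   TORRC           : path to the torrc to inspect
#   NON_TOR         : the _non_tor value from the iptables script
# Prints one line per problem; returns 0 only when everything agrees.
check_middlebox() {
  iface_cidr=$1; torrc=$2; non_tor=$3; problems=0
  iface_addr=${iface_cidr%/*}

  # Every non-loopback Trans/DNSListenAddress must be an address the box holds.
  for addr in $(awk '/^(Trans|DNS)ListenAddress/ { print $2 }' "$torrc"); do
    case $addr in 127.*) continue ;; esac
    if [ "$addr" != "$iface_addr" ]; then
      echo "torrc binds $addr but the internal interface holds $iface_addr"
      problems=$((problems + 1))
    fi
  done

  # The clearnet exemption must cover the box itself, otherwise the host's own
  # connections to the middlebox (SSH etc.) are redirected into TransPort.
  if ! in_subnet "$iface_addr" "$non_tor"; then
    echo "_non_tor=$non_tor does not cover the interface address $iface_addr"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# write_sample_torrc PATH LISTEN_ADDR : constructed torrc used for demonstration
write_sample_torrc() {
  cat > "$1" <<EOF
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 127.0.0.1
TransListenAddress $2
DNSPort 53
DNSListenAddress 127.0.0.1
DNSListenAddress $2
EOF
}

# Demonstration: the post's situation (interface moved to 192.168.2.100 while
# torrc and _non_tor still use 10.0.0.x) versus a matching configuration.
demo() {
  tmp=$(mktemp)
  write_sample_torrc "$tmp" 10.0.0.1
  echo "--- interface 192.168.2.100/24 with the documented torrc and _non_tor:"
  check_middlebox 192.168.2.100/24 "$tmp" 10.0.0.0/24 || echo "(inconsistent)"
  write_sample_torrc "$tmp" 192.168.2.100
  echo "--- same interface with torrc and _non_tor adjusted to match:"
  check_middlebox 192.168.2.100/24 "$tmp" 192.168.2.0/24 && echo "(consistent)"
  rm -f "$tmp"
}
demo
```

The check only compares the three places where the same address must agree; it does not decide which side is wrong. Whichever subnet is kept, the TransListenAddress/DNSListenAddress lines, the _non_tor variable and the ip rule/ip route commands have to name the same network as the interface.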