jacs

I'm not advanced user, more like hobbyist when we talking about gadgets, linux etc., so I bought USB Armory, and some of the things I had no problem setting up, but when it came to setting up Tor Anonimizing Middlebox, I got really stuck with the whole IP address thing. I need help to properly setup Tor, with the correct IP addresses. As I mentioned, I'm not quiet good with networking, and I can't wrap my head around it. So, if you could point what the right setup and IP's should be, I'd grateful. This is what > ip route shows 192.168.2.0/24 dev usb0 proto kernel scope link src 192.168.2.100 According to the Inversepath's documentation on Github, I had to set the USB with 10.0.0.2 IP and 255.255.255.0 Subnet Mask, then enable internet sharing. And in /etc/network/interfaces the setup should be: auto usb0 allow-hotplug usb0 iface usb0 inet static address 10.0.0.2 netmask 255.255.255.0 gateway 10.0.0.1 I had to change it to: auto usb0 allow-hotplug usb0 iface usb0 inet static address 192.168.2.100 netmask 255.255.255.0 gateway 192.168.2.1 to be able to connect to internet. When it comes to setting up Tor, this is what it should look like: /etc/tor/torrc irtualAddrNetworkIPv4 10.192.0.0/10 AutomapHostsOnResolve 1 # Transparent proxy TransPort 9040 TransListenAddress 127.0.0.1 TransListenAddress 10.0.0.1 # DNS DNSPort 53 DNSListenAddress 127.0.0.1 DNSListenAddress 10.0.0.1 Create iptables in /etc/iptables.sh with: #!/bin/sh ### set variables #destinations you don't want routed through Tor _non_tor="10.0.0.0/24" #the UID that Tor runs as (varies from system to system) _tor_uid="104" #Tor's TransPort _trans_port="9040" #your internal interface _int_if="usb0" ### flush iptables iptables -F iptables -t nat -F ### set iptables *nat iptables -t nat -A OUTPUT -o lo -j RETURN iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53 #allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor; do iptables -t nat -A OUTPUT -d $_clearnet -j RETURN iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN done #redirect all other pre-routing and output to Tor iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53 iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port ### set iptables *filter iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor 127.0.0.0/8; do iptables -A OUTPUT -d $_clearnet -j ACCEPT done #allow only Tor output iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT iptables -A OUTPUT -j REJECT Then define the "rt_usbarmory" routing table identifier in /etc/iproute2/rt_tables # # reserved values # 255 local 254 main 253 default 0 unspec # # local # #1 inr.ruhep 1 rt_usbarmory And launch: # ip rule add from 10.0.0.1/32 table rt_usbarmory # ip route add default via 192.168.1.1 table rt_usbarmory # ip route del default # ip route add default via 10.0.0.1