Hi,
I try to create a wifi hotspot redirecting all the traffic to TOR.
- for the hotspot, i tried this tuto https://raspberrytips.fr/point-acces-wifi-raspberry-pi/ it works perfectly (wh0 redirected to eth0 interface)
- for the redirection, i tried https://le-guide-du-secops.fr/2022/05/2 ... orghostng/. It works, except that i lose the hotspot.
I guess it's a question of iptables, but I'm not skilled to solve it.
can you help me?
regards
a copy if ip tables rules after torghostng.
--------------------------------------------------------------------------------------------------------------------------
FILTER
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere STRING match "BitTorrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "BitTorrent protocol" ALGO name bm
DROP all -- anywhere anywhere STRING match "peer_id=" ALGO name bm
DROP all -- anywhere anywhere STRING match ".torrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "announce.php?passkey=" ALGO name bm
DROP all -- anywhere anywhere STRING match "torrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "announce" ALGO name bm
DROP all -- anywhere anywhere STRING match "info_hash" ALGO name bm
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere 192.168.1.0/24
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT all -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere owner UID match debian-tor
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
-----------------------------------------------------------------------------------------------------------
NAT
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match debian-tor
REDIRECT udp -- anywhere anywhere udp dpt:domain redir ports 5353
RETURN all -- anywhere 192.168.1.0/24
RETURN all -- anywhere 192.168.0.0/24
RETURN all -- anywhere 127.0.0.0/9
RETURN all -- anywhere 127.128.0.0/10
REDIRECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN redir ports 9040
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
--------------------------------------------------------------------------------------------------------------
I try to create a wifi hotspot redirecting all the traffic to TOR.
- for the hotspot, i tried this tuto https://raspberrytips.fr/point-acces-wifi-raspberry-pi/ it works perfectly (wh0 redirected to eth0 interface)
- for the redirection, i tried https://le-guide-du-secops.fr/2022/05/2 ... orghostng/. It works, except that i lose the hotspot.
I guess it's a question of iptables, but I'm not skilled to solve it.
can you help me?
regards
a copy if ip tables rules after torghostng.
--------------------------------------------------------------------------------------------------------------------------
FILTER
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere STRING match "BitTorrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "BitTorrent protocol" ALGO name bm
DROP all -- anywhere anywhere STRING match "peer_id=" ALGO name bm
DROP all -- anywhere anywhere STRING match ".torrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "announce.php?passkey=" ALGO name bm
DROP all -- anywhere anywhere STRING match "torrent" ALGO name bm
DROP all -- anywhere anywhere STRING match "announce" ALGO name bm
DROP all -- anywhere anywhere STRING match "info_hash" ALGO name bm
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere 192.168.1.0/24
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT all -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere owner UID match debian-tor
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
-----------------------------------------------------------------------------------------------------------
NAT
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match debian-tor
REDIRECT udp -- anywhere anywhere udp dpt:domain redir ports 5353
RETURN all -- anywhere 192.168.1.0/24
RETURN all -- anywhere 192.168.0.0/24
RETURN all -- anywhere 127.0.0.0/9
RETURN all -- anywhere 127.128.0.0/10
REDIRECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN redir ports 9040
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
--------------------------------------------------------------------------------------------------------------
Statistics: Posted by marcelbenhur — Wed May 01, 2024 10:15 am — Replies 0 — Views 6