Feb 11 14:33 [raw]
i am not an expert with linux. i am comfortable with the command line but i am still having hard time understanding iptables and tor. how to lock down my ubuntu system so that all connections from all programs are forced through tor on port 9150. this means also that the dns queries also to the tor stopping dns leaks? switching to another distro not optional. what is important here is that i must find, analyze, and study every possible vector for any traffic leak to prevent it from ever happening at any time. this means in the iptables, the tor, the gateway router, and anything else i have not learned about. what informations do i need?
Feb 11 14:53 [raw]
I wish I could give any direct info, but have you checked if the people from the Tails distro documented how they did it? Because they have a setup like this, I think.
Feb 11 18:28 [raw]
No worries, it's actually quite simple to setup. First you're gonna need to edit the /etc/tor/torrc file and add a few changes: DNSPort 53520 TransPort 9040 The DNSPort is for proxying DNS requests through tor. The TransPort is for proxying TCP connections through Tor. Restart tor. Now you'll have to change your iptables configuration and use something like: iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53520 iptables -t nat -A OUTPUT ! -o lo ! -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040 The first iptables command will redirect all DNS requests to go through Tor. The second command will make all TCP traffic go through Tor, but beware of this i don't recommend using it for daily usage. Now edit /etc/resolv.conf and just put 'nameserver 127.0.0.1'. And voila, no DNS leaks !
Feb 11 19:16 [raw]
This looks like solid advice. However a couple errata I haven't figured out. In /etc/resolv.conf I can't put 'nameserver 127.0.0.1' because this is what resolv.conf says: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.1.1 search ARPA009 It seems there are several applications which I don't understand that programmatically make changes to resolv.conf. I suppose I need to find a way to lock this down too and there may be other vectors I don't know.
Feb 11 20:05 [raw]
Yes, other programs are modifying the /etc/resolv.conf. If you change it it will get changed externally. What you can do is making the resolv.conf file immutable after changing its content. Put 'nameserver 127.0.0.1' in resolv.conf, and then run: chattr +i /etc/resolv.conf That way the file can't be modified and stays as it is. If later on you want to change it again, run: chattr -i /etc/resolv.conf and change the contents again.
Feb 12 03:33 [raw]
I used the iptables template from the torproject website and tweaked it a little and it works. But I'm not sure that it blocks all DNS leaks. I need to be certain that all networking layers of my machine from kernel on down have no query request beyond the gateway router. I'm scratching my head because there are so many fine points to investigate and I don't know where to start.
Feb 14 07:04 [raw]
GUFW Ubuntu :-)
|2018 : Der junge Karl Marx -- youtube.com/watch?v=AbM76KUm4IM -- 2 hours "Le Jeune Karl Marx"||May 17 20:25||1|
|Pascal on the rise||May 16 19:28||4|
|ALGOL 68 Genie||May 15 07:27||1|
|Help a programmer||May 15 07:16||3|
|VoCore - Coin-sized computer that runs Linux (OpenWRT/LEDE)||May 10 08:22||1|
|i c u||May 6 08:48||4|
|mint with timeshift on BTRFS is working nicely||May 6 04:02||3|
|Mint?||Apr 28 21:50||5|
|[chan] merlot||Apr 26 02:16||1|