Thursday, February 9, 2012

How To Set Up A TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over The TOR Network


This tutorial will show you how to reroute all traffic for a virtual machine through the Tor network to ensure anonymity. It assumes a standalone machine with a Linux OS, and VirtualBox installed. In this case, we'll be using Ubuntu on the host machine.
Thanks to
- http://www.tolaris.com/2009/03/05/using-host-networking-and-nat-with-virtualbox/
- https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
- http://www.rootdamnit.eu/2011/12/10/virtualbox-tor-backtrack-aka-how-to-become-almost-invisible/
All commands on the host machine should be run as root (sudo or su.

Step 1 - Add A Bridge Interface For Your Virtual Machine (VM) On The Host Machine (HM)

# apt-get install bridge-utils
Add the following to /etc/network/interfaces:
# VirtualBox NAT bridge
auto vnet0
iface vnet0 inet static
 address 172.16.0.1
 netmask 255.255.255.0
 bridge_ports none
 bridge_maxwait 0
 bridge_fd 1

 up iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
 down iptables -t nat -D POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
Start the bridge interface:
# ifup vnet0

Step 2 - Setup DHCP And DNS For Clients

# apt-get install dnsmasq
Edit /etc/dnsmasq.conf to include:
interface=vnet0
dhcp-range=172.16.0.2,172.16.0.254,1h
Start the daemon:
# /etc/init.d/dnsmasq restart

Step 3 - Install And Set Up TOR

Install TOR - INSTUCTIONS
Edit /etc/tor/torrc and add:
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 172.16.0.1
DNSPort 53
DNSListenAddress 172.16.0.1
Restart TOR:
#/etc/init.d/tor restart
Create and edit middlebox.sh on the HM:
#!/bin/sh

# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24"

# Tor's TransPort
TRANS_PORT="9040"

# your internal interface
INT_IF="vnet0"

iptables -F
iptables -t nat -F

for NET in $NON_TOR; do
 iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
and run it:
#./middlebox.sh

Step 4 - Set Up The Virtual Machine On The HM

Open VirtualBox, start the machine. Go to Devices > Network Adapter. Disable all network adapters except Adapter 1.
Set the following options:
Attached to: Bridged Adapter
Name: vnet0
Click OK.
Finally make sure your virtual machine gets its IP address via DHCP, and refresh the DHCP client/reboot the VM. It should have an IP in the range 172.16.0.n, name resolver 172.16.0.1 and gateway 172.16.0.1.

No comments:

Post a Comment