How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (2024)

Introduction

The Tor network, known for its ability to provide anonymity and privacy online, has become increasingly popular among users seeking to protect their digital identities. However, ensuring that your internet traffic remains secure and free from leaks is crucial. In this tutorial, we’ll explore DNS leaks, understand their implications, and learn how to route all traffic through the Tor network to enhance privacy.

Table Of Contents

  • Understanding DNS Leaks
  • How to Route all Traffic Through Tor Network?
    • Configuration of Tor
    • Configuration of Resolv.conf
  • How To Prevent DNS Leak?
    • Flushing current Iptables setting
    • Launch of all required services
    • Configuration of Iptables
    • Creating New System Rules
  • Let's Make a Test
  • Can We Wrap All This Together?
  • Enhancing Privacy with TorBridge
    • Automatic MAC Address Rotation
  • Conclusion

Understanding DNS Leaks

DNS (Domain Name System) leaks occur when your device inadvertently sends DNS requests to your internet service provider (ISP) instead of the DNS servers provided by your anonymity tool (such as a VPN or Tor). These leaks can reveal your browsing activities, expose your geolocation, and compromise your security. To prevent DNS leaks, we’ll explore how to configure your system to route all traffic through Tor.

If you use an anonymity tool, such as a VPN, ideally, your DNS requests should not go to your Internet service provider, but the DNS hosted by your VPN. A DNS leak occurs when a security breach forces your device to forward the DNS request to the DNS server of your Internet service provider.

Your DNS queries indicate your browsing activities, which can be used against you. If someone has access to your DNS requests, it means that your security has been compromised and that you are exposed. Besides, a DNS leak can also expose your actual geolocation and the location of your Internet service provider. This may not be a big deal, but it is the kind of information that hackers can use to find your real IP address.

DNSLeakTest.com is a great tool that you can use to perform a quick and accurate DNS leak test. You can run a standard test or an extended test. But you can also try some other service such as Browserleaks, Ipleak, or Dnsleak. For this tutorial, we will make a test using DNSLeakTest.com website.

Output

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (1)

As you can see, the site was able to retrieve our IP address as well as information regarding the DNS used by our connection.

How to Route all Traffic Through Tor Network?

It’s possible to route all your local traffic, in a transparent mode, through the Tor network, including all the DNS request. Let’s see how we can achieve it using Arch GNU/Linux distribution. Before moving further, we will need to install some packages such as of course Tor but also Polipo. To do it, simply open your terminal and use the below commands.

sudo apt update && sudo apt install macchanger tor

Configuration of Tor

Next, we will move on the configuration of Tor by replacing the configuration located in /etc/tor/torrc by the one I'm providing in the below example. Exactly like in the previous step, before doing it, please be sure to create a backup of your current configuration file.

sudo mv /etc/tor/torrc /etc/tor/torrc.baksudo cat >> /etc/tor/torrc << EOLDataDirectory /var/lib/torVirtualAddrNetwork 10.192.0.0/10AutomapHostsOnResolve 1AutomapHostsSuffixes .exit,.onionTransPort 127.0.0.1:9040 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddrSocksPort 127.0.0.1:9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddrControlPort 9051HashedControlPassword 16:FDE8ED505C45C8BA602385E2CA5B3250ED00AC0920FEC1230813A1F86FDNSPort 127.0.0.1:9053HardwareAccel 1TestSocks 1AllowNonRFC953Hostnames 0WarnPlaintextPorts 23,109,110,143,80ClientRejectInternalAddresses 1NewCircuitPeriod 40MaxCircuitDirtiness 600MaxClientCircuitsPending 48UseEntryGuards 1EnforceDistinctSubnets 1EOLsudo chmod 644 /etc/tor/torrc

Configuration of Resolv.conf

We will need now to configure our Network to use Tor. In most Unix-like operating systems and others that implement the BIND Domain Name System (DNS) resolver library, the /etc/resolv.conf the configuration file contains information that determines the operational parameters of the DNS resolver. As per the previous step, please be sure to create a backup of your current resolv.conf file before proceeding further.

sudo mv /etc/resolv.conf /etc/resolv.conf.baksudo cat >> /etc/resolv.conf << EOLnameserver 127.0.0.1nameserver 1.1.1.1nameserver 1.0.0.1nameserver 208.67.222.222nameserver 208.67.220.220nameserver 8.8.8.8nameserver 8.8.4.4EOLsudo chmod 644 /etc/resolv.conf

How To Prevent DNS Leak?

Flushing current Iptables setting

We will need now to flush our current iptables rules. Before doing it, it's better to create a backup of our current configuration to be able to restore it once we are done.

sudo iptables-save > /etc/iptables.rules.baksudo iptables -Fsudo iptables -t nat -F

Launch of all required services

We can now proceed and start all the required services. In the case that required services are already started, you will need to use reload instead of start as a command parameter.

sudo systemctl start tor

Configuration of Iptables

This is one of the most crucial steps. What we are going to do now, is to configure our Firewall iptables to allow only the request made to/from Tor network and block any other one.

## Set Iptables Nat## ----------------sudo iptables -t nat -A OUTPUT -m owner --uid-owner tor -j RETURN## Set DNS Redirect## ----------------sudo iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053sudo iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 9053sudo iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tor -m udp --dport 53 -j REDIRECT --to-ports 9053## Resolve domains mapping 10.192.0.0/10 address space## ---------------------------------------------------sudo iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040sudo iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040## Exclude Tor CIDR## ----------------sudo iptables -t nat -A OUTPUT -d 192.168.0.0/16 -j RETURNsudo iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPTsudo iptables -t nat -A OUTPUT -d 172.16.0.0/12 -j RETURNsudo iptables -A OUTPUT -d 172.16.0.0/12 -j ACCEPTsudo iptables -t nat -A OUTPUT -d 10.0.0.0/8 -j RETURNsudo iptables -A OUTPUT -d 10.0.0.0/8 -j ACCEPTsudo iptables -t nat -A OUTPUT -d 127.0.0.0/9 -j RETURNsudo iptables -A OUTPUT -d 127.0.0.0/9 -j ACCEPTsudo iptables -t nat -A OUTPUT -d 127.128.0.0/10 -j RETURNsudo iptables -A OUTPUT -d 127.128.0.0/10 -j ACCEPT## Redirect all other output through Tor## -------------------------------------sudo iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040sudo iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-ports 9040sudo iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-ports 9040## Accept already established connections## --------------------------------------sudo iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT## Allow only Tor output## ---------------------sudo iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPTsudo iptables -A OUTPUT -j REJECT

Creating New System Rules

Believe me or not, we are almost done! This is going to be the final step. We will need to create new system rules to prevent anyone from outside your NAT to reach your machine while you are connecting over the Net. As we did in all the previous steps, do not forget to create a backup of your current sysctl configuration.

sudo sysctl -a > /etc/sysctl.conf.bak## Swappiness## ----------sudo sysctl -w vm.dirty_ratio=10 &>"/dev/null"sudo sysctl -w vm.dirty_background_ratio=5 &>"/dev/null"sudo sysctl -w vm.dirty_expire_centisecs=2000 &>"/dev/null"sudo sysctl -w vm.dirty_writeback_centisecs=1000 &>"/dev/null"sudo sysctl -w vm.swappiness=10 &>"/dev/null"sudo sysctl -w vm.vfs_cache_pressure=70 &>"/dev/null"## Disable Explicit Congestion Notification in TCP## -----------------------------------------------sudo sysctl -w net.ipv4.tcp_ecn=0 &>"/dev/null"## Window scaling## --------------sudo sysctl -w net.ipv4.tcp_window_scaling=1 &>"/dev/null"## Increase Linux auto-tuning TCP buffer limits## --------------------------------------------sudo sysctl -w net.ipv4.tcp_rmem="8192 87380 16777216" &>"/dev/null"sudo sysctl -w net.ipv4.tcp_wmem="8192 65536 16777216" &>"/dev/null"## Increase TCP max buffer size## ----------------------------sudo sysctl -w net.core.rmem_max=16777216 &>"/dev/null"sudo sysctl -w net.core.wmem_max=16777216 &>"/dev/null"## Increase number of incoming connections backlog## -----------------------------------------------sudo sysctl -w net.core.netdev_max_backlog=16384 &>"/dev/null"sudo sysctl -w net.core.dev_weight=64 &>"/dev/null"## Increase number of incoming connections## ---------------------------------------sudo sysctl -w net.core.somaxconn=32768 &>"/dev/null"## Increase the maximum amount of option memory buffers## ----------------------------------------------------sudo sysctl -w net.core.optmem_max=65535 &>"/dev/null"## Increase the TCP-time-wait buckets## Pool sizeto prevent simple DOS attacks## --------------------------------------sudo sysctl -w net.ipv4.tcp_max_tw_buckets=1440000 &>"/dev/null"## Try to reuse time-wait connections## ----------------------------------sudo sysctl -w net.ipv4.tcp_tw_reuse=1 &>"/dev/null"## Limit number of allowed orphans## Each orphan can eat up to 16M of unswappable memory## ---------------------------------------------------sudo sysctl -w net.ipv4.tcp_max_orphans=16384 &>"/dev/null"sudo sysctl -w net.ipv4.tcp_orphan_retries=0 &>"/dev/null"## Don't cache ssthresh from previous connection## ---------------------------------------------sudo sysctl -w net.ipv4.tcp_no_metrics_save=1 &>"/dev/null"sudo sysctl -w net.ipv4.tcp_moderate_rcvbuf=1 &>"/dev/null"## Increase size of RPC datagram queue length## ------------------------------------------sudo sysctl -w net.unix.max_dgram_qlen=50 &>"/dev/null"## Don't allow the ARP table to become bigger than this## ----------------------------------------------------sudo sysctl -w net.ipv4.neigh.default.gc_thresh3=2048 &>"/dev/null"## Tell the gc when to become aggressive with arp table cleaning## Adjust this based on size of the LAN. 1024 is suitable for most /24 networks## ----------------------------------------------------------------------------sudo sysctl -w net.ipv4.neigh.default.gc_thresh2=1024 &>"/dev/null"## Adjust where the GC will leave ARP table alone set to 32## --------------------------------------------------------sudo sysctl -w net.ipv4.neigh.default.gc_thresh1=32 &>"/dev/null"## Adjust to ARP table GC to clean-up more often## ---------------------------------------------sudo sysctl -w net.ipv4.neigh.default.gc_interval=30 &>"/dev/null"## Increase TCP queue length## -------------------------sudo sysctl -w net.ipv4.neigh.default.proxy_qlen=96 &>"/dev/null"sudo sysctl -w net.ipv4.neigh.default.unres_qlen=6 &>"/dev/null"## Enable Explicit Congestion Notification## ---------------------------------------sudo sysctl -w net.ipv4.tcp_ecn=1 &>"/dev/null"sudo sysctl -w net.ipv4.tcp_reordering=3 &>"/dev/null"## How many times to retry killing an alive TCP connection## -------------------------------------------------------sudo sysctl -w net.ipv4.tcp_retries2=15 &>"/dev/null"sudo sysctl -w net.ipv4.tcp_retries1=3 &>"/dev/null"## Avoid falling back to slow start after a connection goes idle## keeps our cwnd large with the keep alive connections (kernel > 3.6)## -------------------------------------------------------------------sudo sysctl -w net.ipv4.tcp_slow_start_after_idle=0 &>"/dev/null"## Allow the TCP fastopen flag to be used## Beware some firewalls do not like TFO (kernel > 3.7)## ----------------------------------------------------sudo sysctl -w net.ipv4.tcp_fastopen=3 &>"/dev/null"## This will ensure that immediatly subsequent connections use the new values## --------------------------------------------------------------------------sudo sysctl -w net.ipv4.route.flush=1 &>"/dev/null"sudo sysctl -w net.ipv6.route.flush=1 &>"/dev/null"## TCP SYN cookie protection## -------------------------sudo sysctl -w net.ipv4.tcp_syncookies=1 &>"/dev/null"## TCP RFC 1337## ------------sudo sysctl -w net.ipv4.tcp_rfc1337=1 &>"/dev/null"## Reverse path filtering## ----------------------sudo sysctl -w net.ipv4.conf.default.rp_filter=1 &>"/dev/null"sudo sysctl -w net.ipv4.conf.all.rp_filter=1 &>"/dev/null"## Log martian packets## -------------------sudo sysctl -w net.ipv4.conf.default.log_martians=1 &>"/dev/null"sudo sysctl -w net.ipv4.conf.all.log_martians=1 &>"/dev/null"## Disable ICMP redirecting## ------------------------sudo sysctl -w net.ipv4.conf.all.accept_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv4.conf.default.accept_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv4.conf.all.secure_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv4.conf.default.secure_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv6.conf.all.accept_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv6.conf.default.accept_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv4.conf.all.send_redirects=0 &>"/dev/null"sudo sysctl -w net.ipv4.conf.default.send_redirects=0 &>"/dev/null"## Enable Ignoring to ICMP Request## -------------------------------sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1 &>"/dev/null"## Disable IPv6## ------------sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 &>"/dev/null"sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 &>"/dev/null"

Let's Make A Test

We will now see if all this work leads us to a satisfactory result. To do this we will simply repeat a what we did at the beginning of this tutorial by going back to the site DNSLeakTest.com and conduct a new test.

Output

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (2)

As you can see, the site was unable to determine our IP address as well as our Internet service provider DNS. We can, therefore, consider that these efforts give us a result that lives up to our expectations.

Can We Wrap All This Together?

Yes, we can! And to make it easier, you can get all this to be done from a single command line! Why didn't I say it earlier? Because the purpose of this tutorial is to understand how Tor works and how to protect against DNS leaks.

All you have to do is clone the script we have created a few days ago and available on Github. This script is based on Torctl which is available on BlackArch but few optimizations were made to minimize latency.

Clone the Script

cd /tmp/git clone https://github.com/neoslab/torbridgechmod +x /tmp/torbridge/torbridgesudo mv /tmp/torbridge/torbridge /usr/local/bin/

Display the Help Menu

sudo torbridge -h

Output

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (3)

Start the Script

sudo torbridge --start

Output

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (4)

Stop the Script

sudo torbridge --stop

Output

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (5)

Enhancing Privacy with TorBridge

By following these steps, you can route all your traffic through the Tor network, significantly enhancing your privacy and security. Remember that TorBridge is also available by default in the latest version of SnoopGod Linux. For advanced users, consider downloading the latest SnoopGod 24.04.2 release to explore TorBridge’s capabilities further.

Automatic MAC Address Rotation

In addition to routing traffic through Tor, TorBridge includes a powerful feature: automatic MAC address rotation. This function ensures that your device remains completely anonymous by periodically changing its MAC address. By doing so, TorBridge adds an extra layer of protection against tracking and surveillance.

Conclusion

TorBridge is a powerful tool that enhances online privacy and security. By routing internet traffic through the Tor network, it allows users to maintain anonymity and protect sensitive data. Whether you’re using Linux or another operating system, TorBridge provides a valuable solution for safeguarding your online activities. For more information about this tutorial and to see a live demonstration of this type of attack, I encourage you to watch the video below.

#Anonymity#DNSLeak#IpTables#Linux#MacChanger#Privacy#TorNetwork

Share:

How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (6)

Created by

Nicolas C.
How to Route all Traffic Through Tor Network on Ubuntu and Derived Distros | NeosLab (2024)

FAQs

Does Tails route all traffic through Tor? ›

Everything you do on the Internet from Tails goes through the Tor network. Tor encrypts and anonymizes your connection by passing it through 3 relays. Tor relays are servers operated by different people and organizations around the world. You cannot access the Internet from Tails until you are connected to Tor.

What does Tor stand for in the dark web? ›

Tor (The Onion Router) is a web browser that lets users access a network that anonymizes web traffic to provide private web browsing. Often used to access the dark web, Tor Browser hides IP addresses and browsing activity by redirecting web traffic through a series of different routers called nodes.

Is Tor traffic detectable? ›

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor.

Can your ISP see you using Tails? ›

Tor and Tails don't protect you by making you look like any random Internet user, but by making all Tor and Tails users look the same. It becomes impossible to know who is who among them. Your Internet service provider (ISP) and local network can see that you connect to the Tor network.

How do I know if Tor is running on Ubuntu? ›

If you have configured a web browser to use Tor, you can check it is working by visiting https://check.torproject.org. Tor Project strongly recommends that you only use Tor Browser to browser the web with Tor, as it includes additional anti-fingerprinting protections that are not present in other browsers.

How do I run Tor from command line? ›

If you are terminal savvy, you can also run the program from the command line by typing ./start-tor-browser. desktop and hitting enter.

What is Tor Browser Launcher? ›

Tor Browser Launcher is intended to make the Tor Browser Bundle (TBB) easier to maintain and use for GNU/Linux users. It downloads the same TBB from torproject.org that everyone else uses, and it doesn't alter it in any way.

Which Linux is best for Tor? ›

Tails comes with a native connection to the Tor network, which means every move you make on the internet is encrypted and anonymous. You can trust Tails to preserve your privacy both online and on your local machine.

What is onionize on Tor? ›

Onionize: Tor v3 onion services (hidden services) for Docker containers. A docker wrapper for Tor⁠ v3 onion services (hidden services). It uses docker-gen⁠ to configure Tor automatically when other containers are connected to the same network.

What is the secret of Tor Browser? ›

Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor.

What Browser is Tor built in? ›

Tor Browser is a modified version of Firefox specifically designed for use with Tor.

What is Tor used for legally? ›

So, is it legal to use Tor and similar browsers? The short answer is yes. These kinds of dedicated browsers are used by the military, police, journalists and whistleblowers to maintain their privacy online. However, it is important to consider not only whether something is legal but whether it is advisable.

Does tailscale route all traffic? ›

How exit nodes work. By default, Tailscale acts as an overlay network: it only routes traffic between devices running Tailscale, but doesn't touch your public internet traffic, such as when you visit Google or Twitter.

Should you use Tails with Tor? ›

The Tor Project recommends the usage of Tails for the use cases that are not covered by its own projects (for example the Tor Browser). But many people use Tor outside of Tails, and many people use Tails to do other things than accessing the Internet through Tor, for example to work offline on sensitive documents.

How does Tor route traffic? ›

Tor uses a technique called onion routing, where data is enveloped in layers of encryption – similar to the layers of an onion. Implementation of onion routing allows each layer to be decrypted at each relay, revealing the next relay to pass the data to until it reaches its final destination.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Tyson Zemlak

Last Updated:

Views: 5424

Rating: 4.2 / 5 (43 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Tyson Zemlak

Birthday: 1992-03-17

Address: Apt. 662 96191 Quigley Dam, Kubview, MA 42013

Phone: +441678032891

Job: Community-Services Orchestrator

Hobby: Coffee roasting, Calligraphy, Metalworking, Fashion, Vehicle restoration, Shopping, Photography

Introduction: My name is Tyson Zemlak, I am a excited, light, sparkling, super, open, fair, magnificent person who loves writing and wants to share my knowledge and understanding with you.