It is certainly cool to ONLY allow Tor to the internet, but in my opinion, in the real world there are some connections/circumstances where you don't want to have Tor in the middle: mail, web accounts, data-intensive downloads/upgrades. I think that's where e.g. Torbutton comes in ... and the trouble starts.
Being certainly *NOT* a firewall expert, I'm using "Firestarter" to handle my iptables configuration. I configured the TransparentProxy via the Firestarter user-pre file from this source: https://techstdout.boum.org/TorDns/#index1h2

------------------------------
TOR_DNS=enabled
TOR_USER='debian-tor'
# numeric uid of the Tor daemon, looked up from passwd
TOR_UID="`getent passwd $TOR_USER | awk -F: '{print $3}'`"

if [ "$TOR_DNS" = enabled -a -n "$TOR_UID" ]; then
    # Let the Tor-generated packets go (must come first, otherwise Tor's
    # own lookups would be redirected back into the local resolver)
    $IPT -t nat -A OUTPUT -o $IF -m owner --uid-owner $TOR_UID -j RETURN
    # Let the packets to non-routable (i.e. local) networks go
    while read block garbage
    do
        $IPT -t nat -A OUTPUT -o $IF -d $block -j RETURN
    done < /etc/firestarter/non-routables
    # Redirect to the local (torified) nameserver any DNS connection left
    $IPT -t nat -A OUTPUT -o $IF -p tcp --dport 53 -j REDIRECT --to-ports 53
    $IPT -t nat -A OUTPUT -o $IF -p udp --dport 53 -j REDIRECT --to-ports 53
else
    echo Warning: DNS forwarding through Tor is disabled.
fi
------------------------------

I don't know why, but I assume that with this option Tor drops the connection after some time. So I set in torrc:

KeepalivePeriod 20

and now it works for me.

Firestarter outgoing rules (whitelist): allow ports 80, 143 and 443 from firewall.

I don't know if that configuration makes any sense, but it seems more flexible to me. Improvements very welcome,

Niklas

On Tuesday, 24.08.2010, 14:33 -0400, Andrew Lewman wrote:
> On Tue, 24 Aug 2010 13:54:14 -0400
> Michael Gomboc <michael.gom...@gmail.com> wrote:
>
> > Could some net filter expert give me some advice how to use iptables
> > with TOR?
>
> For your specific question,
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockNonTorTrafficDebian
>
> For the larger question of pushing traffic through tor:
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy

***********************************************************************
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
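The snippet above only torifies DNS; the "nothing but Tor leaves the box" setup that the linked TransparentProxy page describes needs a TCP redirect and a filter rule for leaks as well. The following is an added example, not Niklas's Firestarter snippet and not code from the Tor wiki, written in the same RETURN/REDIRECT style. It assumes a torrc with `TransPort 9040` and `DNSPort 5353` (values chosen here, not stated on the page), a Tor daemon running as `debian-tor`, and an interface name passed by the caller; the non-routable ranges are listed inline because Firestarter's `/etc/firestarter/non-routables` is not on the page. `IPT` defaults to a dry-run printer so the generated rules can be reviewed without root; set `IPT=/sbin/iptables` to apply them.

```shell
#!/bin/sh
# Added example: complete Tor transparent-proxy ruleset (nat + filter).
# Assumptions (not from the original post): torrc has TransPort 9040 and
# DNSPort 5353; Tor runs as debian-tor. IPT defaults to "echo iptables"
# so the rules are printed instead of applied.

# Destinations that must bypass Tor (stand-in for Firestarter's
# /etc/firestarter/non-routables, which is not reproduced on the page).
NON_ROUTABLES="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# Numeric uid of a user, same getent/awk lookup as the page uses.
# Prints nothing if the user does not exist; tor_nat_rules rejects that.
tor_uid_of() {
    getent passwd "$1" | awk -F: '{print $3}'
}

# tor_nat_rules IFACE TOR_UID [TRANS_PORT] [DNS_PORT]
# Emits (or applies) the rules in the order that matters.
tor_nat_rules() {
    iface=$1
    tor_uid=$2
    trans_port=${3:-9040}
    dns_port=${4:-5353}
    ipt=${IPT:-"echo iptables"}

    if [ -z "$tor_uid" ]; then
        echo "tor_nat_rules: empty Tor uid, refusing to build rules" >&2
        return 1
    fi

    # 1. Tor's own packets leave untouched. This must be the FIRST nat rule,
    #    otherwise Tor's connections to relays are redirected back into its
    #    own TransPort and nothing ever reaches the network.
    $ipt -t nat -A OUTPUT -o "$iface" -m owner --uid-owner "$tor_uid" -j RETURN

    # 2. Non-routable / local destinations bypass Tor in nat and are
    #    explicitly allowed in filter (the REJECT at the end is a catch-all).
    for block in $NON_ROUTABLES; do
        $ipt -t nat -A OUTPUT -o "$iface" -d "$block" -j RETURN
        $ipt -A OUTPUT -o "$iface" -d "$block" -j ACCEPT
    done

    # 3. Remaining DNS (UDP and TCP) goes to Tor's DNSPort.
    $ipt -t nat -A OUTPUT -o "$iface" -p udp --dport 53 -j REDIRECT --to-ports "$dns_port"
    $ipt -t nat -A OUTPUT -o "$iface" -p tcp --dport 53 -j REDIRECT --to-ports "$dns_port"

    # 4. Every other new TCP connection goes to the TransPort.
    $ipt -t nat -A OUTPUT -o "$iface" -p tcp --syn -j REDIRECT --to-ports "$trans_port"

    # 5. Filter chain: a redirected packet is re-routed via lo, so whatever
    #    still leaves IFACE is either Tor itself, a reply to an accepted
    #    inbound connection, or a leak (UDP other than 53, ICMP, ...).
    $ipt -A OUTPUT -o "$iface" -m owner --uid-owner "$tor_uid" -j ACCEPT
    $ipt -A OUTPUT -o "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -o "$iface" -j REJECT
}

# Usage (as root): IPT=/sbin/iptables sh torify.sh apply eth0
# Without "apply" the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    tor_nat_rules "${2:-eth0}" "$(tor_uid_of debian-tor)"
fi
```

Run it once without `IPT` set and read the printed rules before applying them: the uid-owner RETURN must be the first nat line and the REJECT the last filter line, and the uid must be non-empty (an empty `--uid-owner` would make iptables error out, so the function refuses to build the set at all).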