Netgate Discussion Forum
    Tor Anonymizing Middlebox with pfSense

    Forum category: NAT
    2 Posts 1 Posters 1.1k Views
    Luegenbaron

      Hello everyone,

      I want to have an open wifi named OpenTor, but the traffic from it should go through the Tor network.
      So I have an interface (DMZMulti) in which I have my Tor relays, and I have an interface (OpenTor) on which I have the OpenTor AP.

      I want to follow these instructions: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
      (see "Anonymizing Middlebox").

      I did a port forward to redirect all DNS queries to the TorRelay.
      That works.

      Now I did a port forward for TCP HTTP and HTTPS to the TorRelay.

      This is not working; now the TorRelay log says:
      Apr 13 11:21:31.000 [warn] getsockopt() failed: Protocol not available
      Apr 13 11:21:31.000 [warn] Fetching original destination failed. Closing.

      I think it's about this discussion: https://lists.torproject.org/pipermail/tor-talk/2012-April/024046.html

      So I have no idea how to do that.
      I think I have to apply this rule on the pfSense, but it is for Linux and I have no idea how to translate it to pfSense.
      It is not working with port forwarding; can I do that with outbound NAT or what?
      iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port

      Thanks for your time

      Luegenbaron

      Luegenbaron

        I found this at: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#BSDPF

        Use the PF ruleset below as an example for FreeBSD and OpenBSD prior to 4.7.

        # your internal interface
        int_if = "fxp0"
        # Tor's TransPort
        trans_port = "9040"

        set skip on lo
        scrub in

        rdr pass on $int_if inet proto tcp to !($int_if) -> 127.0.0.1 port $trans_port
        rdr pass on $int_if inet proto udp to port domain -> 127.0.0.1 port domain

        Use the PF ruleset below as an example for OpenBSD 4.7 and later.

        # your internal interface
        int_if = "fxp0"
        # Tor's TransPort
        trans_port = "9040"

        set skip on lo
        match in all scrub (no-df random-id)

        pass in quick on $int_if inet proto tcp to !($int_if) rdr-to 127.0.0.1 port $trans_port
        pass in quick on $int_if inet proto udp to port domain rdr-to 127.0.0.1 port domain

        My question is first: which ruleset do I need, the one for prior to 4.7 or the one for 4.7 and later?

        And how can I add this rule to pfSense?

        Thanks

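The following is an added example covering both posts above; it is not part of the thread or of the Tor wiki page it quotes. pfSense is built on FreeBSD, and FreeBSD's pf takes the older `rdr` syntax, so of the two quoted rulesets the first one ("FreeBSD and OpenBSD prior to 4.7") is the one that applies. Both the wiki rulesets and the iptables REDIRECT rule in the first post assume Tor runs on the firewall itself: the redirect target is the box's own 127.0.0.1, and Tor's TransPort asks its own host's kernel for the pre-NAT destination (on Linux via getsockopt, on FreeBSD via /dev/pf), so the redirect has to happen on the host Tor is running on, not on a separate relay host behind a port forward. The example therefore assumes Tor on the pfSense box with `TransPort 127.0.0.1:9040` and `DNSPort 127.0.0.1:53` in its torrc and access to /dev/pf; `em1` as the physical NIC behind the OpenTor interface is an assumption.

```pf
# FreeBSD pf (rdr syntax), as used by pfSense. Added example, not from the thread.
# Assumption: em1 is the physical NIC of the OpenTor interface and Tor runs on
# this firewall with TransPort 127.0.0.1:9040 and DNSPort 127.0.0.1:53.
int_if     = "em1"
trans_port = "9040"   # Tor TransPort
dns_port   = "53"     # Tor DNSPort

set skip on lo
scrub in on $int_if all

# DNS from the open wifi is answered by Tor's DNSPort; every other TCP flow
# that is not addressed to the firewall itself is handed to the TransPort.
rdr pass on $int_if inet proto udp from $int_if:network to any port domain -> 127.0.0.1 port $dns_port
rdr pass on $int_if inet proto tcp from $int_if:network to !($int_if) -> 127.0.0.1 port $trans_port

# Anything the two rdr rules did not catch (UDP other than DNS, ICMP, IPv6)
# is dropped, so nothing from OpenTor can bypass Tor into DMZMulti or the WAN.
block in quick on $int_if all
```

pfSense regenerates its pf ruleset from its own configuration, so a hand-edited pf.conf does not survive a reload; in the web GUI the two `rdr pass` lines correspond to two port forwards on the OpenTor interface (UDP port 53, and TCP with destination set to anything except the interface address) whose redirect target is 127.0.0.1 with ports 53 and 9040 respectively, plus a final block rule on that interface. The `rdr pass` form passes matching packets without consulting the filter rules, which is why the trailing `block in quick` only affects traffic the redirects did not claim.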
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.