Posts: 63 | Thanked: 37 times | Joined on Jul 2010
#11
ahhh thanks nieldk!
I'll look into this.
 
Guest | Posts: n/a | Thanked: 0 times | Joined on
#12
You will probably need to look at this, to ensure that services are indeed started AFTER the network is UP.
Yeah, systemd has some issues (Linus is yelling at the maintainer):
http://www.freedesktop.org/wiki/Soft...NetworkTarget/
 
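An added example of the ordering the post above is pointing at, not a unit from the thread or from Sailfish OS: a oneshot systemd unit that runs the iptables script only after the network is online and after Tor is up. The unit name, the script path /usr/local/sbin/tor-iptables.sh and the service name tor.service are assumptions for illustration.

```ini
# tor-redirect.service (added example; names and paths are assumptions)
[Unit]
Description=Load Tor transparent-proxy iptables rules
# network.target only means "network management started"; network-online.target
# is the one that waits for an interface to actually be configured.
Wants=network-online.target
After=network-online.target tor.service
# the REDIRECT to TransPort is useless until Tor is listening
Requires=tor.service

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/tor-iptables.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
```

Note that network-online.target is reached once at boot; re-applying the rules "after every network switch" is not something this unit does, that needs a hook from whatever manages the network on the device.
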
Posts: 63 | Thanked: 37 times | Joined on Jul 2010
#13
Thanks nieldk!
I'm a bit new to the Sailfish OS.

So if I understand it correctly:

The dhclient should always set 127.0.0.1 as nameserver (no matter what).

This script:

Code:
#!/bin/sh
### set variables
#the UID that Tor runs as (varies from system to system); with "0" every
#root process, not just Tor, skips the redirect via the uid-owner rules below
_tor_uid="0"
#Tor's TransPort
_trans_port="9040"
#Tor's DNSPort (where udp/53 is redirected to)
_dns_port="53"
### flush iptables
iptables -F
iptables -t nat -F
### set iptables *nat
#Tor's own traffic leaves directly
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
#DNS goes to Tor's DNSPort
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $_dns_port
#allow clearnet access for hosts: 127.0.0.0/9 127.128.0.0/10
iptables -t nat -A OUTPUT -d 127.0.0.0/9 -j RETURN
iptables -t nat -A OUTPUT -d 127.128.0.0/10 -j RETURN
#redirect all other output to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
### set iptables *filter
#Security fix: drop INVALID packets and stray FIN/RST leaving for the clearnet.
#These must come before the catch-all REJECT at the end; appended after it
#they are never reached.
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP
iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow clearnet access for hosts: 127.0.0.0/8
iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
#allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT
Should run after the Tor daemon has been started and after every network switch (the systemd part).

Then all outgoing traffic (except for localhost) will be routed through Tor and I'll be able to resolve .onion names.

Also I'll be flagged as an "extremist" by the NSA according to recent news :P
 
Posts: 64 | Thanked: 36 times | Joined on Feb 2012 @ US
#14
Unfortunately I am not familiar with the ProxyCommand option. Maybe someone else here can help you out?
 
Posts: 64 | Thanked: 36 times | Joined on Feb 2012 @ US
#15
Perhaps you need to allow the traffic to the remote proxy, which your local proxy 127.0.0.1:3339 connects to.
 
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#16
Originally Posted by gexc:
> Perhaps you need to allow the traffic to the remote proxy, which your local proxy 127.0.0.1:3339 connects to.
I believe that is the case. I don't see iptables allowing traffic to 8.8.8.8 for DNS forwarding.
 
Posts: 64 | Thanked: 36 times | Joined on Feb 2012 @ US
#17
Code:
iptables -t nat -A REDSOCKS -d xxx.xxx.xxx.xxx -j RETURN
Replace the xxx's with your remote proxy server.
 
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#18
 
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#19
My guess: DNS is not set up correctly.
Either it is not given by DHCP, or iptables is blocking DNS requests.
 
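An added example, not code from the thread, that serves two of the points raised above: the script in post #13 appends its "Security fix" DROP rules after an unconditional "-j REJECT", so they can never match, and posts #16 to #19 come down to whether udp/53 has any path out (redirected to Tor's DNSPort, or allowed to the upstream resolver) before the filter chain's final REJECT. The functions below audit a rule listing as printed by `iptables -S OUTPUT` and `iptables -t nat -S OUTPUT`, so they can be run against a dump without touching the live firewall. The listings embedded here are constructed: the first two are what the posted script produces before and after moving the DROP rules, the redsocks one is a simplified stand-in (203.0.113.10 and port 12345 are placeholders) for the setup in posts #15 to #17.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dumped OUTPUT ruleset for
#   1. rules appended after an unconditional ACCEPT/DROP/REJECT (never reached)
#   2. whether udp/53 is REDIRECTed anywhere; if not, and the filter chain ends
#      in REJECT, every DNS query dies (the 8.8.8.8 case from posts #16-#19)
#   3. which UIDs skip the redirect ("0" = every root process, not just Tor)

# Print every -A rule that follows a rule with no match options,
# i.e. "-A CHAIN -j ACCEPT|DROP|REJECT ...", in the same listing.
dead_rules() {
  printf '%s\n' "$1" | awk '
    $1 == "-A" {
      if (dead) { print; next }
      if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) dead = 1
    }'
}

# Print the --to-ports value of the udp/53 REDIRECT in a nat listing,
# or nothing if DNS is not redirected at all.
dns_redirect_port() {
  printf '%s\n' "$1" | awk '
    $1 == "-A" && /-p udp/ && /--dport 53( |$)/ && /-j REDIRECT/ {
      for (i = 1; i <= NF; i++) if ($i == "--to-ports") { print $(i + 1); exit }
    }'
}

# Print the UIDs whose traffic RETURNs out of the nat chain, bypassing Tor.
bypass_uids() {
  printf '%s\n' "$1" | awk '
    $1 == "-A" && /--uid-owner/ && /-j RETURN/ {
      for (i = 1; i <= NF; i++) if ($i == "--uid-owner") print $(i + 1)
    }'
}

# Constructed listing: `iptables -S OUTPUT` after loading the script from
# post #13 as posted (iptables normalises --dport/--syn as shown).
filter_as_posted=$(cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags FIN,ACK FIN,ACK -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
EOF
)

# Constructed listing: same chain with the three DROP rules ahead of the REJECT.
filter_fixed=$(cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags FIN,ACK FIN,ACK -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
EOF
)

# Constructed listing: `iptables -t nat -S OUTPUT` for the posted script.
nat_as_posted=$(cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 0 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
EOF
)

# Constructed, simplified redsocks-style nat chain: TCP is redirected to the
# local proxy, the remote proxy (placeholder 203.0.113.10) is exempted, but
# udp/53 is untouched, so DNS never gets a path out.
nat_redsocks=$(cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 0 -j RETURN
-A OUTPUT -d 203.0.113.10/32 -j RETURN
-A OUTPUT -p tcp -m tcp -j REDIRECT --to-ports 12345
EOF
)

echo "unreachable rules in posted filter chain:"; dead_rules "$filter_as_posted"
echo "unreachable rules in fixed filter chain:";  dead_rules "$filter_fixed"
echo "posted nat: udp/53 redirected to port '$(dns_redirect_port "$nat_as_posted")'"
echo "redsocks nat: udp/53 redirected to port '$(dns_redirect_port "$nat_redsocks")'"
echo "uids that bypass the redirect: $(bypass_uids "$nat_as_posted")"
```

To run it against a real device, replace the constructed listings with `iptables -S OUTPUT` and `iptables -t nat -S OUTPUT` output; an empty result from dns_redirect_port together with a catch-all REJECT in the filter chain is exactly the "DNS blocked by iptables" situation guessed at in post #19.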
Posts: 7 | Thanked: 9 times | Joined on Jul 2014 @ Guangzhou,China
#20
 
