Thursday, February 9, 2012

How To Set Up A Tor Middlebox Routing All VirtualBox Virtual Machine Traffic Over The Tor Network

This tutorial will show you how to reroute all traffic for a virtual machine through the Tor network to ensure anonymity. It assumes a standalone machine with a Linux OS, and VirtualBox installed. In this case, we'll be using Ubuntu on the host machine.
Thanks to
All commands on the host machine should be run as root (sudo or su).

Step 1 - Add A Bridge Interface For Your Virtual Machine (VM) On The Host Machine (HM)

# apt-get install bridge-utils
Add the following to /etc/network/interfaces:
# VirtualBox NAT bridge
auto vnet0
iface vnet0 inet static
 bridge_ports none
 bridge_maxwait 0
 bridge_fd 1
 up iptables -t nat -I POSTROUTING -s -j MASQUERADE
 down iptables -t nat -D POSTROUTING -s -j MASQUERADE
Start the bridge interface:
# ifup vnet0

Step 2 - Set Up DHCP And DNS For Clients

# apt-get install dnsmasq
Edit /etc/dnsmasq.conf to include:
Start the daemon:
# /etc/init.d/dnsmasq restart

Step 3 - Install And Set Up Tor

Edit /etc/tor/torrc and add:
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
Restart Tor:
# /etc/init.d/tor restart
Create and edit on the HM:

# destinations you don't want routed through Tor

# Tor's TransPort

# your internal interface

iptables -F
iptables -t nat -F

for NET in $NON_TOR; do
 iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
done
# send the VM's DNS queries to Tor's DNSPort
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
# send new TCP connections from the VM to Tor's TransPort
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
and run it:

Step 4 - Set Up The Virtual Machine On The HM

Open VirtualBox, start the machine. Go to Devices > Network Adapter. Disable all network adapters except Adapter 1.
Set the following options:
Attached to: Bridged Adapter
Name: vnet0
Click OK.
Finally make sure your virtual machine gets its IP address via DHCP, and refresh the DHCP client/reboot the VM. It should have an IP in the range 172.16.0.n, name resolver and gateway
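
To confirm on the host that the Step 3 redirects are actually loaded, and to list every destination that bypasses Tor, the nat table can be audited. This is an added example, not part of the original post. The function names are hypothetical, the sample rules are constructed, 192.0.2.0/24 stands in for a NON_TOR entry, and using vnet0 as INT_IF is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit the nat table for the
# redirects that the Step 3 script is meant to install.

# audit_nat INT_IF TRANS_PORT: reads `iptables-save -t nat` text on stdin.
# Prints "BYPASS <rule>" for every RETURN exemption (the NON_TOR destinations)
# and "MISSING ..." for an absent redirect; returns 0 only if both exist.
audit_nat() {
    awk -v ifc="$1" -v tp="$2" '
        # Only PREROUTING rules bound to the VM-facing interface are relevant.
        $1 == "-A" && $2 == "PREROUTING" && index($0, " -i " ifc " ") {
            if ($0 ~ /-p udp/ && $0 ~ /--dport 53 / && $0 ~ /-j REDIRECT --to-ports 53$/) {
                dns = 1                  # DNS queries handed to the Tor DNSPort
            } else if ($0 ~ /-p tcp/ && $0 ~ / SYN / && $0 ~ ("-j REDIRECT --to-ports " tp "$")) {
                tcp = 1                  # new TCP connections handed to TransPort
            } else if ($0 ~ /-j RETURN$/) {
                bypass[++n] = $0         # traffic that skips Tor entirely
            }
        }
        END {
            for (i = 1; i <= n; i++) print "BYPASS " bypass[i]
            if (!dns) print "MISSING dns-redirect"
            if (!tcp) print "MISSING tcp-redirect"
            exit !(dns && tcp)
        }'
}

# Constructed sample of `iptables-save -t nat` output (assumed values:
# INT_IF=vnet0, TRANS_PORT=9040, one NON_TOR network 192.0.2.0/24).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.0/24 -i vnet0 -j RETURN
-A PREROUTING -i vnet0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i vnet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
}

# Constructed sample in which the TCP redirect was never loaded.
sample_dns_only() { sample_rules | grep -v -- '--to-ports 9040'; }

# On the host, as root: iptables-save -t nat | audit_nat vnet0 9040
sample_rules | audit_nat vnet0 9040
```

A non-zero exit status means VM traffic of that kind is not being handed to Tor. Every BYPASS line is a destination the VM reaches without Tor and should be reviewed.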
