This is used to let all the machines on my LAN (21.41.41.0/24) have access to tor without needing to run tor on each machine.
It hasn't been checked for leaks. Anyone on anonet can probably also use it if they set a route for the VirtualAddrNetworks.
If you're reading this I'm assuming you mostly already know what you're doing.
These config files live on enzo.whois.ano which is an x86 netbook with a broken screen.
It is configured with two IPs in my anonet range: 2 and 5.
I configure IPv4 and IPv6 to use the same host numbers so unbound can use one, and knot can use the other.
```
# Tor configuration (torrc): automap ranges, transparent proxy port, DNS port
VirtualAddrNetworkIPv4 100.64.0.0/10
VirtualAddrNetworkIPv6 fd63:1e39:6f73:2929:ffff::/80
TransPort 0.0.0.0:9040
TransPort [::]:9040
AutomapHostsSuffixes .
DNSPort 21.41.41.2:9053
```
```
# unbound: forward the "onion" and "exit" zones to Tor's DNSPort
server:
    domain-insecure: "onion"
    domain-insecure: "exit"
    local-zone: "onion" nodefault
    local-zone: "exit" nodefault

forward-zone:
    name: "exit"
    forward-addr: 21.41.41.2@9053

forward-zone:
    name: "onion"
    forward-addr: 21.41.41.2@9053
```
```
# IPv4 nat rules (loaded from /etc/iptables.up.rules by the script below)
-A PREROUTING -d 100.64.0.0/10 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d 100.64.0.0/10 -p tcp -j REDIRECT --to-ports 9040
```
```
# IPv6 nat rules (loaded from /etc/ip6tables.up.rules by the script below)
-A PREROUTING -d fd63:1e39:6f73:2929:ffff::/80 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d fd63:1e39:6f73:2929:ffff::/80 -p tcp -j REDIRECT --to-ports 9040
```
```
#!/bin/sh
# Load the saved IPv4 and IPv6 rule sets
/sbin/iptables-restore < /etc/iptables.up.rules
/sbin/ip6tables-restore < /etc/ip6tables.up.rules
```
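Since the setup hasn't been checked for leaks, one starting point is confirming that the REDIRECT rules cover exactly the automap ranges and point at a TransPort, because an automapped address outside a redirect rule is routed as ordinary traffic instead of into Tor. The script below is an added example, not part of the original post; it assumes the IPv4 and IPv6 rule lines are concatenated into one string, and the function names are made up for illustration.

```python
import ipaddress
import re

# Constructed copies of the torrc and nat-rule lines shown on this page (v4 and v6 rules merged).
TORRC = """\
VirtualAddrNetworkIPv4 100.64.0.0/10
VirtualAddrNetworkIPv6 fd63:1e39:6f73:2929:ffff::/80
TransPort 0.0.0.0:9040
TransPort [::]:9040
"""
RULES = """\
-A PREROUTING -d 100.64.0.0/10 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d 100.64.0.0/10 -p tcp -j REDIRECT --to-ports 9040
-A PREROUTING -d fd63:1e39:6f73:2929:ffff::/80 -i enp1s0 -p tcp -j REDIRECT --to-ports 9040
-A OUTPUT -d fd63:1e39:6f73:2929:ffff::/80 -p tcp -j REDIRECT --to-ports 9040
"""
RULE_RE = re.compile(r"-A (\S+) .*?-d (\S+) .*?-j REDIRECT --to-ports (\d+)")

def parse_torrc(text):
    """Return (automap networks, TransPort port numbers) from torrc text."""
    nets, ports = [], set()
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) >= 2 and parts[0].startswith("VirtualAddrNetwork"):
            nets.append(ipaddress.ip_network(parts[1]))
        elif len(parts) >= 2 and parts[0] == "TransPort":
            ports.add(int(parts[1].rsplit(":", 1)[-1]))
    return nets, ports

def parse_rules(text):
    """Return (chain, destination network, port) for every REDIRECT rule."""
    found = (RULE_RE.search(line) for line in text.splitlines())
    return [(m[1], ipaddress.ip_network(m[2]), int(m[3])) for m in found if m]

def covers(outer, inner):
    return outer.version == inner.version and inner.subnet_of(outer)

def audit(torrc, rules):
    """List mismatches that would send automapped traffic somewhere other than Tor."""
    nets, ports = parse_torrc(torrc)
    redirects, findings = parse_rules(rules), []
    for net in nets:
        for chain in ("PREROUTING", "OUTPUT"):
            hit = {p for c, n, p in redirects if c == chain and covers(n, net)}
            if not hit:
                findings.append(f"{chain}: {net} is not fully redirected")
            elif not hit <= ports:
                findings.append(f"{chain}: {net} redirected to {sorted(hit)}, not a TransPort")
    findings += [f"{c}: redirects {d}, outside the automap ranges"
                 for c, d, _ in redirects if not any(covers(n, d) for n in nets)]
    return findings
```

`audit(TORRC, RULES)` returns an empty list for the configuration as posted. It only compares the two files against each other; it does not observe live traffic, and the rules redirect TCP only.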