1. Network topology
Since both my secondary router and the Ubuntu host run under VMware, this OpenWrt build is x86,
with two virtual NICs added:
- 1) eth1 is the WAN port; VMware virtual network type: bridged to the physical network, i.e. on the same subnet as the Windows 8 host;
- 2) eth0 is the LAN port; VMware virtual network type: host-only.
Also:
- The Ubuntu host's NIC uses VMware virtual network type host-only, i.e. it is in the same broadcast domain as eth0, which can be taken as the same subnet.
2. Building
Following this post: https://disman.tl/2014/09/13/tra ... way-on-openwrt.html
Thanks to Dan Staples!!!
Sorry to repeat myself! Since both my secondary router and the Ubuntu host run under VMware, this OpenWrt build is x86.
Building OpenWrt for Tor, as follows:
$ git clone git://github.com/grugq/portal.git
$ git clone git://git.openwrt.org/14.07/openwrt.git barrier-breaker
$ cd barrier-breaker
$ scripts/feeds update -a
$ scripts/feeds install -a
$ cp -r ../portal/feeds/packages/net/tor-alpha/ package/feeds/packages/
$ rm -r package/feeds/oldpackages/tor-alpha
$ make menuconfig
Target System -> x86
and ticked the following three items:
Network->tor-alpha
Network->tor-alpha-fw-helper
Network->tor-alpha-geoip
Then
make V=s
- The whole thing went through with a few scares but no disasters; it took about a day to compile, some of the downloads I fetched with Thunder (Xunlei) and dropped into the dl directory, and finally I flashed the image onto the secondary router (the Tor router).
3. Configuration
Following http://www.gl-inet.com/using-tor-on-lan-port/
Thanks to GL Innovations!!!
/etc/config/network
Comment out the lines in red and add the lines in green at the end:
config interface 'lan'
# option ifname 'eth1'
option force_link '1'
# option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'tor1'
option ifname 'eth1'
option proto 'static'
option ipaddr '172.16.2.1'
option netmask '255.255.255.0'
/etc/config/dhcp
Append the following:
config dhcp ‘tor1’
option interface tor1
option start 100
option limit 150
option leasetime 1h
option ra server
/etc/config/firewall
Append the following:
config zone
option name 'tor1'
option network 'tor1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option conntrack '1'

config rule
option name 'Allow-Tor-DHCP'
option src 'tor1'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-DNS'
option src 'tor1'
option proto 'udp'
option dest_port '9053'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-Transparent'
option src 'tor1'
option proto 'tcp'
option dest_port '9040'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Tor-SOCKS'
option src 'tor1'
option proto 'tcp'
option dest_port '9050'
option target 'ACCEPT'
option family 'ipv4'
/etc/firewall.user
Append the following:
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
/etc/tor/torrc: add the lines in green
User tor
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 172.16.1.1
TransListenAddress 172.16.2.1
DNSPort 9053
DNSListenAddress 172.16.1.1
DNSListenAddress 172.16.2.1
Finally, reboot!
4. Tor test on Ubuntu
1. Right after flashing the router, before doing the step 3 configuration, the Ubuntu host got a 192.168.2.x IP address, had normal Internet access, and could reach YouTube and Facebook;
2. After completing step 3:
- a. It gets an IP address, but a 172.16.2.x one;
- b. No Internet;
- c. Neither 172.16.2.1 nor 192.168.1.1 answers ping:
openwrt@ubuntu:~/barrier-breaker$ ping 172.16.2.1
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
From 172.16.2.1 icmp_seq=1 Destination Port Unreachable
From 172.16.2.1 icmp_seq=2 Destination Port Unreachable
openwrt@ubuntu:~/barrier-breaker$ ssh root@172.16.2.1
ssh: connect to host 172.16.2.1 port 22: Connection refused
3. After stopping the firewall with root@OpenWrt:~# /etc/init.d/firewall stop:
a. ping 172.16.2.1 succeeds;
b. ssh root@172.16.2.1 succeeds;
c. ping 192.168.1.1 fails;
7. root@OpenWrt:~# /etc/init.d/tor restart
Oct 28 07:57:18.773 [notice] Tor v0.2.3.22-rc (git-213ba1a70b41ea97) running on Linux.
Oct 28 07:57:18.773 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 28 07:57:18.773 [notice] Read configuration file "/etc/tor/torrc".
Oct 28 07:57:18.774 [notice] You configured a non-loopback address for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.775 [notice] You configured a non-loopback address for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.775 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.775 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.775 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.775 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] Initialized libevent version 2.0.21-stable using method epoll (with changelist). Good.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] You configured a non-loopback address for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Oct 28 07:57:18.776 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 28 07:57:18.777 [notice] Opening DNS listener on 172.16.1.1:9053
Oct 28 07:57:18.777 [warn] Could not bind to 172.16.1.1:9053: Cannot assign requested address
Oct 28 07:57:18.777 [notice] Opening DNS listener on 172.16.2.1:9053
Oct 28 07:57:18.777 [notice] Opening Transparent pf/netfilter listener on 172.16.1.1:9040
Oct 28 07:57:18.777 [warn] Could not bind to 172.16.1.1:9040: Cannot assign requested address
Oct 28 07:57:18.777 [notice] Opening Transparent pf/netfilter listener on 172.16.2.1:9040
Oct 28 07:57:18.778 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
Oct 28 07:57:18.778 [notice] Closing partially-constructed DNS listener on 172.16.2.1:9053
Oct 28 07:57:18.778 [notice] Closing partially-constructed Transparent pf/netfilter listener on 172.16.2.1:9040
Oct 28 07:57:18.778 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Oct 28 07:57:18.778 [err] Reading config failed--see warnings above.
Conclusion: is it an iptables problem, is Tor not running, or something else? I would be grateful for any pointers from you all??? Finally, thanks again to the authors of these articles:
https://disman.tl/2014/09/13/transparent-tor-gateway-on-openwrt.html
https://forum.openwrt.org/viewtopic.php?id=27354
http://www.gl-inet.com/using-tor-on-lan-port/
https://github.com/grugq/portal
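An added consistency check, not code from the post or from any of the linked articles: it parses the /etc/config/network, torrc and firewall.user fragments shown above (abridged and embedded inline as constructed input) and reports every TransListenAddress/DNSListenAddress that no interface actually carries, plus every REDIRECT --to-ports target that no Tor listener serves. Run on the post's values it flags 172.16.1.1, the address the Tor log above reports it cannot bind.

```python
import re

# Constructed inputs, abridged from the configuration fragments in the post.
NETWORK_CONFIG = """
config interface 'lan'
    option ipaddr '192.168.2.1'
config interface 'tor1'
    option ifname 'eth1'
    option ipaddr '172.16.2.1'
"""

TORRC = """
TransPort 9040
TransListenAddress 172.16.1.1
TransListenAddress 172.16.2.1
DNSPort 9053
DNSListenAddress 172.16.1.1
DNSListenAddress 172.16.2.1
"""

FIREWALL_USER = """
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
"""

def uci_ipaddrs(text):
    """Collect every 'option ipaddr' value from a UCI network config."""
    return set(re.findall(r"option\s+ipaddr\s+'?([\d.]+)'?", text))

def torrc_values(text, key):
    """Return all values given for a torrc key (listen-address keys may repeat)."""
    return [m.group(1) for m in re.finditer(rf"^\s*{key}\s+(\S+)", text, re.M)]

def check_gateway(network, torrc, firewall_user):
    """Cross-check torrc listeners against local addresses and the REDIRECT targets."""
    problems = []
    local = uci_ipaddrs(network)
    for key in ("TransListenAddress", "DNSListenAddress"):
        for addr in torrc_values(torrc, key):
            if addr not in local:  # Tor would log "Cannot assign requested address"
                problems.append(f"{key} {addr} is not an ipaddr of any interface; Tor will fail to bind")
    tor_ports = set(torrc_values(torrc, "TransPort") + torrc_values(torrc, "DNSPort"))
    for port in re.findall(r"--to-ports\s+(\d+)", firewall_user):
        if port not in tor_ports:  # redirected traffic would hit a closed port
            problems.append(f"REDIRECT --to-ports {port} matches no TransPort/DNSPort in torrc")
    return problems

if __name__ == "__main__":
    print("\n".join(check_gateway(NETWORK_CONFIG, TORRC, FIREWALL_USER)) or "no problems found")
```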