
Transparent proxying in I2P and Tor

Hello!
I wanted to install a caching proxy based on Polipo and, at the same time, set up transparent proxying for I2P and Tor. Of all the services that exist in these anonymous networks (mail, torrents, etc.) I use only the web, so if you follow these instructions you will most likely not be able to use services that rely on non-HTTP protocols.
I have a home server on Debian that shares the Internet connection. I used TinyProxy to route requests by domain; two Polipo daemons, one for caching Internet traffic and the second (mostly) for converting the SOCKS5 proxy into an HTTP proxy so that it can be registered in TinyProxy, and also for caching Tor traffic separately; and dnsmasq for resolving .i2p and .onion addresses (I had already been using it for both DNS and DHCP).
We assume that I2P and Tor are already configured and working.

                              I2P (4444)
                             /
LAN port - TinyProxy (8888) - Polipo-WAN (8123)
                             \
                              Polipo-Tor (8124) - Tor (9050)


Let's start!


dnsmasq

To begin, configure dnsmasq so that the browser gets some non-existent IP address for .i2p and .onion domains.
Excerpt from /etc/dnsmasq.conf:
address=/.i2p/192.168.99.99
address=/.onion/192.168.99.99

TinyProxy

Now configure TinyProxy. In this server, upstream rules are applied on a "last one wins" basis, so if the upstream for the Internet is placed after the upstreams for .i2p and .onion, nothing will work.
Excerpt from /etc/tinyproxy.conf:
upstream 127.0.0.1:8123
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
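
An added check, not part of the original post and not TinyProxy's own code: it models the ordering rule exactly as stated above (the last matching upstream wins) and lists the hosts that would be sent to the wrong proxy if the lines were reordered. The probe host names, function names and the tolerated proxy-type word are assumptions made for the illustration.

```python
import re

# Constructed inputs: the page's excerpt, and the same rules with the catch-all moved last.
PAGE_ORDER = """
upstream 127.0.0.1:8123
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
"""
CATCH_ALL_LAST = """
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
upstream 127.0.0.1:8123
"""
# Constructed probe hosts and the proxy each one must reach (ports taken from the page).
EXPECTED = {
    "example.i2p": "127.0.0.1:4444",
    "Example.ONION.": "127.0.0.1:8124",      # mixed case and trailing dot must still match
    "example.org": "127.0.0.1:8123",
    "onion.example.org": "127.0.0.1:8123",   # ".onion" must match as a suffix only
}

# upstream [type] host:port ["domain"]; a proxy-type word is tolerated but not required.
RULE = re.compile(r'^\s*upstream\s+(?:(?:http|socks4|socks5)\s+)?(\S+:\d+)'
                  r'(?:\s+"([^"]+)")?\s*$', re.IGNORECASE)

def parse_upstreams(conf_text):
    """Return [(proxy, domain_or_None), ...] in file order; other lines are skipped."""
    found = (RULE.match(line) for line in conf_text.splitlines())
    return [(m.group(1), (m.group(2) or "").lower() or None) for m in found if m]

def select_upstream(rules, host):
    """Apply the ordering rule as the page states it: the last matching rule wins."""
    host = host.lower().rstrip(".")
    chosen = None
    for proxy, domain in rules:
        if domain is None or ("." + host).endswith("." + domain.lstrip(".")):
            chosen = proxy
    return chosen

def misrouted(conf_text, expected=EXPECTED):
    """Return [(host, got, want), ...] for every probe host sent to the wrong proxy."""
    rules = parse_upstreams(conf_text)
    return [(h, select_upstream(rules, h), want) for h, want in expected.items()
            if select_upstream(rules, h) != want]

if __name__ == "__main__":
    for name, conf in (("page order", PAGE_ORDER), ("catch-all last", CATCH_ALL_LAST)):
        print(name, misrouted(conf) or "OK")
```

With the catch-all last, both anonymous-network hosts are reported as going to the Internet-facing Polipo on 8123 instead of I2P or Tor, which is the misconfiguration the ordering warning is about.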


Polipo

Everything is simple here. Configure the WAN Polipo to taste; the Tor Polipo is configured the same way, with these lines added:
socksParentProxy = "localhost:9050"
socksProxyType = socks5


iptables

Probably the most important part. Without it, nothing will work. Execute the command:
sudo iptables -t nat -I PREROUTING -i _LANETH_ ! -d 192.168.4.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8888

Where _LANETH_ is the LAN network interface, and 192.168.4.0/24 is your local subnet.

That's all! You can browse .i2p and .onion sites from any device without additional browser settings.

Source: https://habr.com/ru/post/122835/

