I need some help or advice, since I don't know what I could do to fix this issue.
I've built an Onion Pi following the Adafruit tutorial.
This is basically a Wi-Fi hotspot that routes all traffic through the Tor network using a Wi-Fi dongle and hostapd, which creates a subnet and hands out DHCP addresses inside that subnet.
I'm able to connect to the Wi-Fi hotspot, automatically receive a new IP address inside the configured subnet, and browse the Internet flawlessly until I add the iptables rules that route the traffic through Tor.
Once I've added these rules, the hotspot is no longer able to reach the Internet, and I cannot explain why.
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
If I flush the rules, I'm able to browse the Internet again with no issues.
This is my torrc config:
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 172.16.0.0/12
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
And this is my hostapd config:
interface=wlan0
#driver=rtl871xdrv
ssid=DUGA-93
country_code=US
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=1234567891011
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
This is my ifconfig:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.250 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::ba27:ebff:fe8e:191 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:8e:01:91 txqueuelen 1000 (Ethernet)
RX packets 5887 bytes 1912947 (1.8 MiB)
RX errors 0 dropped 127 overruns 0 frame 0
TX packets 4956 bytes 1399984 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 248 bytes 14160 (13.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 248 bytes 14160 (13.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.42.1 netmask 255.255.255.0 broadcast 192.168.42.255
inet6 fe80::2e9:b0ff:fe20:23d1 prefixlen 64 scopeid 0x20<link>
ether 00:e9:b0:20:23:d1 txqueuelen 1000 (Ethernet)
RX packets 2893 bytes 306895 (299.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1549 bytes 1220073 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
As you can see, the tor service is running:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2019-10-29 13:09:47 GMT; 20min ago
Process: 258 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 258 (code=exited, status=0/SUCCESS)
Oct 29 13:09:47 DUGA-93 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Oct 29 13:09:47 DUGA-93 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
And I'm running the latest Raspbian Buster (minimal) on an RPI2B+:
Linux DUGA-93 4.19.75-v7+ #1270 SMP Tue Sep 24 18:45:11 BST 2019 armv7l GNU/Linux
This is the notices.log from Tor:
Oct 29 15:01:48.000 [notice] Tor 0.3.5.8 opening log file.
Oct 29 15:01:48.108 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 1010101f: OpenSSL 1.1.1a 20 Nov 2018; running with 1010104f: OpenSSL 1.1.1d 10 Sep 2019).
Oct 29 15:01:48.145 [notice] Tor 0.3.5.8 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Oct 29 15:01:48.146 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 29 15:01:48.146 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 29 15:01:48.146 [notice] Read configuration file "/etc/tor/torrc".
Oct 29 15:01:48.164 [warn] Skipping obsolete configuration option 'TransListenAddress'
Oct 29 15:01:48.164 [warn] Skipping obsolete configuration option 'DNSListenAddress'
Oct 29 15:01:48.167 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 29 15:01:48.167 [notice] Opened Socks listener on 127.0.0.1:9050
Oct 29 15:01:48.167 [notice] Opening DNS listener on 127.0.0.1:53
Oct 29 15:01:48.167 [notice] Opened DNS listener on 127.0.0.1:53
Oct 29 15:01:48.167 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Oct 29 15:01:48.168 [notice] Opened Transparent pf/netfilter listener on 127.0.0.1:9040
Oct 29 15:01:48.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 29 15:01:50.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 29 15:01:51.000 [notice] Bootstrapped 0%: Starting
Oct 29 15:01:58.000 [notice] Starting with guard context "default"
Oct 29 15:01:58.000 [notice] Signaled readiness to systemd
Oct 29 15:01:58.000 [notice] Opening Socks listener on /run/tor/socks
Oct 29 15:01:58.000 [notice] Opened Socks listener on /run/tor/socks
Oct 29 15:01:58.000 [notice] Opening Control listener on /run/tor/control
Oct 29 15:01:58.000 [notice] Opened Control listener on /run/tor/control
Oct 29 15:01:58.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Oct 29 15:01:58.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Oct 29 15:01:58.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Oct 29 15:01:58.000 [notice] Bootstrapped 100%: Done
BTW, if I do this from the Pi command line:
torify curl https://canihazip.com/s
171.25.193.25
It works. I'm connected to Tor, since that's not my IP.
Please, could you help me?
Thank you so much. Kind regards.
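An added check, not part of the question above and not the poster's code: a shell script that reads a torrc and works out which address each TransPort/DNSPort listener actually binds (a bare port binds 127.0.0.1, and the old TransListenAddress/DNSListenAddress options are ignored, exactly as the notices.log above reports), then verifies that every port targeted by the PREROUTING REDIRECT rules has a listener on the hotspot address. That is the relevant test because REDIRECT rewrites the destination to the primary address of the interface the packet arrived on (wlan0, 192.168.42.1 here), not to 127.0.0.1. The script assumes the hotspot address and redirect ports from the question; the two torrc fragments embedded in it are constructed for the example: the first copies the posted listener lines, the second expresses the same intent in the address:port form that current Tor accepts.

```shell
#!/bin/sh
# Added example: check that iptables REDIRECT targets line up with the
# listeners Tor will actually open for a given torrc.

HOTSPOT_IP=192.168.42.1          # wlan0 address from the question
REDIRECT_PORTS="9040 53"         # --to-ports values in the PREROUTING rules

# tor_listeners: read a torrc on stdin, print "Option address:port" for each
# TransPort/DNSPort line. A bare port means Tor binds 127.0.0.1; the old
# *ListenAddress options are reported as obsolete because Tor skips them.
tor_listeners() {
    awk '
        $1 == "TransListenAddress" || $1 == "DNSListenAddress" {
            printf "OBSOLETE %s (ignored by Tor)\n", $1; next
        }
        $1 == "TransPort" || $1 == "DNSPort" {
            v = $2
            if (v ~ /^[0-9]+$/) v = "127.0.0.1:" v
            print $1, v
        }
    '
}

# check_redirect: read a torrc on stdin; return 0 if every REDIRECT target
# port has a listener on HOTSPOT_IP or 0.0.0.0, otherwise list the ports
# that redirected client traffic would hit with nothing listening, return 1.
check_redirect() {
    listeners=$(tor_listeners)
    missing=""
    for p in $REDIRECT_PORTS; do
        if ! printf '%s\n' "$listeners" | grep -Eq " (${HOTSPOT_IP}|0\.0\.0\.0):${p}\$"; then
            missing="$missing $p"
        fi
    done
    if [ -n "$missing" ]; then
        echo "REDIRECT targets with no listener on $HOTSPOT_IP:$missing"
        return 1
    fi
    echo "all REDIRECT targets have a listener on $HOTSPOT_IP"
    return 0
}

# Constructed input: the listener lines as posted in the question.
OLD_TORRC='TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1'

# Constructed input: same intent, address:port form accepted by current Tor.
NEW_TORRC='TransPort 192.168.42.1:9040
DNSPort 192.168.42.1:53'

check_old() { printf '%s\n' "$OLD_TORRC" | check_redirect; }
check_new() { printf '%s\n' "$NEW_TORRC" | check_redirect; }

echo "== torrc as posted =="
printf '%s\n' "$OLD_TORRC" | tor_listeners
check_old || true
echo "== torrc in address:port form =="
printf '%s\n' "$NEW_TORRC" | tor_listeners
check_new
```

Run as-is, the posted fragment fails the check for both 9040 and 53 while the address:port form passes. On a live box, pair `tor_listeners < /etc/tor/torrc` with `ss -lntu` so the comparison is against what Tor has really bound rather than what the file says.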