How To Set Up A TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over The TOR Network

This tutorial will show you how to reroute all traffic for a virtual machine through the Tor network to ensure anonymity. It assumes a standalone machine with a Linux OS, and VirtualBox installed. In this case, we'll be using Ubuntu on the host machine.

Thanks to

- http://www.tolaris.com/2009/03/05/using-host-networking-and-nat-with-virtualbox/

- https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

- http://www.rootdamnit.eu/2011/12/10/virtualbox-tor-backtrack-aka-how-to-become-almost-invisible/

All commands on the host machine should be run as root (sudo or su).

Step 1 - Add A Bridge Interface For Your Virtual Machine (VM) On The Host Machine (HM)

# apt-get install bridge-utils

Add the following to /etc/network/interfaces:

# VirtualBox NAT bridge
auto vnet0
iface vnet0 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_maxwait 0
    bridge_fd 1
    up iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
    down iptables -t nat -D POSTROUTING -s 172.16.0.0/24 -j MASQUERADE

Start the bridge interface:

# ifup vnet0

Step 2 - Setup DHCP And DNS For Clients

# apt-get install dnsmasq

Edit /etc/dnsmasq.conf to include:

interface=vnet0
dhcp-range=172.16.0.2,172.16.0.254,1h

Start the daemon:

# /etc/init.d/dnsmasq restart

Step 3 - Install And Set Up TOR

Install TOR - INSTRUCTIONS

Edit /etc/tor/torrc and add:

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 172.16.0.1
DNSPort 53
DNSListenAddress 172.16.0.1

Restart TOR:

# /etc/init.d/tor restart

Create and edit middlebox.sh on the HM:

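#!/bin/sh

# destinations you don't want routed through Tor
NON_TOR="192.168.1.0/24"

# Tor's TransPort
TRANS_PORT="9040"

# your internal interface
INT_IF="vnet0"

# flush all existing filter and nat rules (this includes the MASQUERADE rule added in Step 1)
iptables -F
iptables -t nat -F

# leave traffic to the NON_TOR destinations untouched
for NET in $NON_TOR; do
    iptables -t nat -A PREROUTING -i "$INT_IF" -d "$NET" -j RETURN
done

# send the VM's DNS queries to Tor's DNSPort
iptables -t nat -A PREROUTING -i "$INT_IF" -p udp --dport 53 -j REDIRECT --to-ports 53

# send the VM's new TCP connections to Tor's TransPort
iptables -t nat -A PREROUTING -i "$INT_IF" -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"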

and run it:

# ./middlebox.sh
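
A check for the rules that middlebox.sh installs, added here as an example and not part of the original tutorial. The function name audit_nat_rules and the sample listing are constructed for illustration; the code assumes the listing format printed by "iptables -t nat -S", and it treats a MASQUERADE rule for the VM subnet as a leak risk on the assumption that IP forwarding is enabled on the host.

```sh
#!/bin/sh
# Added example, not from the original tutorial: audit the host's nat table.
# Real use: iptables -t nat -S | audit_nat_rules vnet0 9040 172.16.0.0/24

audit_nat_rules() {
    int_if=$1 trans_port=$2 vm_net=$3
    rules=$(cat)        # "iptables -t nat -S" listing arrives on stdin
    problems=0
    pre="^-A PREROUTING .*-i ${int_if} "

    # DNS queries from the VM must be redirected to Tor's DNSPort (53).
    if ! printf '%s\n' "$rules" |
        grep -Eq -e "${pre}.*-p udp .*--dport 53 .*-j REDIRECT --to-ports 53\$"; then
        echo "MISSING: UDP/53 redirect on ${int_if}"
        problems=$((problems + 1))
    fi
    # New TCP connections must be redirected to Tor's TransPort.
    if ! printf '%s\n' "$rules" |
        grep -Eq -e "${pre}.*-p tcp .*-j REDIRECT --to-ports ${trans_port}\$"; then
        echo "MISSING: TCP redirect to port ${trans_port} on ${int_if}"
        problems=$((problems + 1))
    fi
    # Assumption: IP forwarding may be enabled on the host. A MASQUERADE rule
    # then NATs whatever the redirects do not match (other UDP, ICMP) straight
    # out of the host's uplink, outside Tor.
    if printf '%s\n' "$rules" |
        grep -Eq -e "^-A POSTROUTING .*-s ${vm_net} .*-j MASQUERADE"; then
        echo "LEAK RISK: MASQUERADE present for ${vm_net}"
        problems=$((problems + 1))
    fi
    # Informational: destinations deliberately exempted from Tor (NON_TOR).
    printf '%s\n' "$rules" | grep -E -e "${pre}.*-j (RETURN|ACCEPT)" |
        sed 's/^/EXEMPT from Tor: /'
    return "$problems"
}

# Constructed sample: nat table as middlebox.sh leaves it.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.168.1.0/24 -i vnet0 -j RETURN
-A PREROUTING -i vnet0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i vnet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040'

printf '%s\n' "$SAMPLE_RULES" | audit_nat_rules vnet0 9040 172.16.0.0/24 &&
    echo "nat table matches the tutorial's rules"
```

The function's exit status is the number of problems found, so it can be re-run after every "ifup vnet0", which puts the Step 1 MASQUERADE rule back.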

Step 4 - Set Up The Virtual Machine On The HM

Open VirtualBox, start the machine. Go to Devices > Network Adapter. Disable all network adapters except Adapter 1.

Set the following options:

Attached to: Bridged Adapter

Name: vnet0

Click OK.

Finally make sure your virtual machine gets its IP address via DHCP, and refresh the DHCP client/reboot the VM. It should have an IP in the range 172.16.0.n, name resolver 172.16.0.1 and gateway 172.16.0.1.