Using Tor on LAN port
The Tor firmware downloaded from our website only routes connections from the SSID "Tor" to the Tor network. If you want to route all connections from the LAN to the Tor network, you need to duplicate the configuration. Here is the detailed guidance.
SSH to your router and modify the following scripts, then reboot the router. You can ssh to your router when connected to ssid: openwrt.
If you have set a password, use ssh:
$ ssh root@192.168.1.1
If you haven't set a password, use telnet:
$ telnet 192.168.1.1
/etc/config/network
Comment out the red lines (shown below with a leading #) and add the green lines (the 'tor1' interface section):

config interface 'lan'
    # option ifname 'eth1'
    option force_link '1'
    # option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'tor1'
    option ifname 'eth1'
    option proto 'static'
    option ipaddr '172.16.2.1'
    option netmask '255.255.255.0'
/etc/config/dhcp
Add the following lines:

config dhcp 'tor1'
    option interface tor1
    option start 100
    option limit 150
    option leasetime 1h
    option ra server
/etc/config/firewall
Add all the following sections:

config zone
    option name 'tor1'
    option network 'tor1'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option conntrack '1'

config rule
    option name 'Allow-Tor-DHCP'
    option src 'tor1'
    option proto 'udp'
    option dest_port '67'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-DNS'
    option src 'tor1'
    option proto 'udp'
    option dest_port '9053'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-Transparent'
    option src 'tor1'
    option proto 'tcp'
    option dest_port '9040'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Tor-SOCKS'
    option src 'tor1'
    option proto 'tcp'
    option dest_port '9050'
    option target 'ACCEPT'
    option family 'ipv4'
/etc/firewall.user
Add the green lines (the two eth1 rules):

enable_transparent_tor() {
    iptables -t nat -A PREROUTING -i wlan0-1 -p udp --dport 53 -j REDIRECT --to-ports 9053
    iptables -t nat -A PREROUTING -i wlan0-1 -p tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 9053
    iptables -t nat -A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
}
enable_transparent_tor
/etc/tor/torrc
Add the green lines (the two 172.16.2.1 listen addresses):
User tor
VirtualAddrNetwork 10.192.0.0/10
TransPort 9040
TransListenAddress 172.16.1.1
TransListenAddress 172.16.2.1
DNSPort 9053
DNSListenAddress 172.16.1.1
DNSListenAddress 172.16.2.1
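
A check to run after the reboot, added here as an example and not part of GL.iNet's firmware or the original page: it confirms that each Tor-routed interface has both REDIRECT rules from /etc/firewall.user loaded. The function names and the sample rule listing are constructed; on the router, pass the output of `iptables -t nat -S PREROUTING` instead of SAMPLE_RULES.

```shell
#!/bin/sh
# Added example, not GL.iNet code: confirm each Tor-routed interface has both
# REDIRECT rules from /etc/firewall.user loaded in the nat table.

# Constructed sample of `iptables -t nat -S PREROUTING` output in which the
# eth1 TCP rule is missing (--syn is listed as "--tcp-flags ... SYN").
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i wlan0-1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0-1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053'

# check_tor_redirects RULES IFACE
# Prints each missing redirect; returns 0 only when DNS -> 9053 and
# TCP SYN -> 9040 are both present for IFACE.
check_tor_redirects() {
    rules=$1
    iface=$2
    missing=0
    if ! printf '%s\n' "$rules" | grep -Eq -- \
        "^-A PREROUTING -i $iface -p udp .*--dport 53 .*-j REDIRECT --to-ports 9053\$"; then
        echo "$iface: DNS (udp/53) is not redirected to DNSPort 9053"
        missing=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -- \
        "^-A PREROUTING -i $iface -p tcp .*--tcp-flags [A-Z,]+ SYN .*-j REDIRECT --to-ports 9040\$"; then
        echo "$iface: new TCP connections are not redirected to TransPort 9040"
        missing=1
    fi
    return $missing
}

# audit_tor_interfaces RULES IFACE...
# Checks every listed interface; returns non-zero if any of them is incomplete.
audit_tor_interfaces() {
    rules=$1
    shift
    failed=0
    for i in "$@"; do
        check_tor_redirects "$rules" "$i" || failed=1
    done
    return $failed
}

# Run against the constructed sample: wlan0-1 passes, eth1 is reported.
audit_tor_interfaces "$SAMPLE_RULES" wlan0-1 eth1 ||
    echo "redirect rules incomplete; review /etc/firewall.user"
```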
About GL.iNet
GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT Networks. At GL.iNet, we believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.