Transparent proxying in I2P and Tor

    Hello!
    I wanted to set up a caching proxy based on Polipo and, at the same time, transparent proxying for I2P and Tor. Of all the services available in these anonymous networks (mail, torrents, etc.) I use only the web, so if you follow these instructions you will most likely not be able to use services that run over protocols other than HTTP.
    I have a home server running Debian that shares the Internet connection with the LAN. I used TinyProxy to route requests by domain, and two Polipo daemons: one caches Internet traffic; the second mainly converts the SOCKS5 proxy into an HTTP proxy so that it can be registered in TinyProxy, and it also caches Tor traffic separately. dnsmasq resolves .i2p and .onion addresses (I had already been using it for DNS and DHCP).
    We assume that I2P and Tor are already configured and working.

                    I2P (4444)
                    /
    LAN port - TinyProxy (8888) - Polipo-WAN (8123)
                    \
                    Polipo-Tor (8124) - Tor (9050)


    Let's get started!


    dnsmasq

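    First, configure dnsmasq so that the browser gets some non-existent IP address for .i2p and .onion domains. The address is only a placeholder: it lies outside the local subnet, so the iptables rule at the end redirects the connection to TinyProxy, which then routes the request by hostname.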
    An excerpt from /etc/dnsmasq.conf:
    address=/.i2p/192.168.99.99
    address=/.onion/192.168.99.99


    Tinyproxy

    Now configure TinyProxy. TinyProxy applies upstream rules on a "last one wins" basis, so if we put the upstream for the Internet after the upstreams for .i2p and .onion, nothing will work.
    Excerpt from /etc/tinyproxy.conf:
    upstream 127.0.0.1:8123
    upstream 127.0.0.1:4444 ".i2p"
    upstream 127.0.0.1:8124 ".onion"
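
    A catch-all placed last silently sends .i2p and .onion requests to the ordinary Internet proxy, so the ordering is worth checking before restarting TinyProxy. The following is an added example, not part of the original article or of TinyProxy's code: a small Python model of the "last one wins" behavior described above. The function names, the sample hostnames and the optional proxy-type token are assumptions.

```python
import re

# "upstream [type] host:port ["domain"]". The optional type token (http, socks4,
# socks5) is an assumption so that newer TinyProxy syntax is also accepted.
UPSTREAM_RE = re.compile(
    r'^\s*upstream\s+(?:(?:http|socks4|socks5)\s+)?(\S+:\d+)(?:\s+"([^"]+)")?\s*$',
    re.IGNORECASE)

def parse_upstreams(conf_text):
    """Return [(proxy, domain_or_None), ...] in file order, skipping comments."""
    rules = []
    for line in conf_text.splitlines():
        m = UPSTREAM_RE.match(line.split("#", 1)[0])
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def route(rules, host):
    """Pick the upstream for host: the last matching rule wins (article's model)."""
    host = host.lower().rstrip(".")
    for proxy, domain in reversed(rules):
        if domain is None or host == domain.lower() or (
                domain.startswith(".") and host.endswith(domain.lower())):
            return proxy
    return None  # no rule matched: TinyProxy would connect directly

def shadowed(rules):
    """Domain rules that never fire because a catch-all upstream follows them."""
    defaults = [i for i, (_, d) in enumerate(rules) if d is None]
    last = defaults[-1] if defaults else -1
    return [r for i, r in enumerate(rules[:last + 1]) if r[1] is not None]

# Constructed sample configs: GOOD is the article's excerpt, BAD has the
# catch-all moved to the end.
GOOD = '''upstream 127.0.0.1:8123
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
'''
BAD = '''upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
upstream 127.0.0.1:8123  # catch-all last: overrides both rules above
'''

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        rules = parse_upstreams(conf)
        for host in ("example.org", "forum.i2p", "example.onion"):
            print(name, host, "->", route(rules, host))
        print(name, "shadowed rules:", shadowed(rules))
```

    Any rule reported by shadowed() belongs after the catch-all line.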


    Polipo

    Everything is simple here. Polipo for WAN is configured to taste; Polipo for Tor is configured the same way, with these lines added:
    socksParentProxy = "localhost:9050"
    socksProxyType = socks5


    iptables

    Probably the most important part: without it, nothing will work. Run the command:
    sudo iptables -t nat -I PREROUTING -i _LANETH_ ! -d 192.168.4.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8888

    where _LANETH_ is the LAN-facing network interface and 192.168.4.0/24 is your local subnet. Only TCP port 80 is redirected, so HTTPS and other protocols do not pass through the proxy chain.

    That's all, actually! You can go to .i2p and .onion sites without additional browser settings from any device.
