Transparent proxying in I2P and Tor
Hello!
I wanted to install a caching proxy based on Polipo, and at the same time set up transparent proxying for I2P and Tor. Of all the services available on these anonymous networks (mail, torrents, etc.) I use only the web, so if you follow these instructions you will most likely not be able to use services that rely on non-HTTP protocols.
I have a home server running Debian that shares the Internet connection. I used TinyProxy as the domain-based dispatcher and two Polipo daemons: one caches Internet traffic, and the second mainly converts the SOCKS5 proxy into an HTTP proxy so that it can be registered in TinyProxy (it also caches Tor traffic separately). dnsmasq resolves .i2p and .onion addresses (I was already using it for DNS and DHCP).
We assume that I2P and Tor are already configured and working.
                            I2P (4444)
                           /
LAN port - TinyProxy (8888) - Polipo-WAN (8123)
                           \
                            Polipo-Tor (8124) - Tor (9050)
Let's get started!
dnsmasq
First, configure dnsmasq so that the browser receives some non-existent IP address for .i2p and .onion domains.
An excerpt from /etc/dnsmasq.conf:
address=/.i2p/192.168.99.99
address=/.onion/192.168.99.99
Tinyproxy
Now configure TinyProxy. In this server, upstream rules are applied on a "the last one wins" basis, so if we put the upstream for the Internet after the upstreams for .i2p and .onion, nothing will work.
Excerpt from /etc/tinyproxy.conf:
upstream 127.0.0.1:8123
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
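The ordering rule above can be checked before reloading TinyProxy. This is an added example, not part of the original post or of TinyProxy itself: it models the "last matching rule wins" behaviour exactly as this page describes it, parses only the upstream syntax shown in the excerpt, and flags domain rules that a later catch-all would override. The function names and the misordered sample are assumptions made for illustration.

```python
import shlex

def parse_upstreams(conf_text):
    """Return [(proxy, domain_or_None), ...] in file order."""
    rules = []
    for line in conf_text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) >= 2 and parts[0].lower() == "upstream":
            rules.append((parts[1], parts[2].lower() if len(parts) > 2 else None))
    return rules

def matches(domain, host):
    """A rule without a domain is the catch-all; ".i2p" matches by suffix."""
    if domain is None:
        return True
    host = host.lower().rstrip(".")
    return host.endswith(domain) if domain.startswith(".") else host == domain

def resolve(rules, host):
    """Last matching rule wins (the ordering this page describes)."""
    chosen = None
    for proxy, domain in rules:
        if matches(domain, host):
            chosen = proxy
    return chosen

def shadowed(rules):
    """Domain rules that can never be chosen because a catch-all follows them."""
    return [(p, d) for i, (p, d) in enumerate(rules)
            if d is not None and any(d2 is None for _, d2 in rules[i + 1:])]

# Constructed inputs: the page's excerpt and the same lines in the wrong order.
GOOD = '''
upstream 127.0.0.1:8123
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
'''
BAD = '''
upstream 127.0.0.1:4444 ".i2p"
upstream 127.0.0.1:8124 ".onion"
upstream 127.0.0.1:8123
'''

if __name__ == "__main__":
    for name, conf in (("good", GOOD), ("bad", BAD)):
        rules = parse_upstreams(conf)
        for host in ("example.com", "example.i2p", "example.onion"):
            print(name, host, "->", resolve(rules, host))
        print(name, "shadowed:", shadowed(rules))
```

In this model the misordered file sends .i2p and .onion requests to the clearnet Polipo instance on 8123, so a non-empty result from shadowed() is worth treating as a configuration error.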
Polipo
Everything is simple here. The Polipo instance for WAN can be configured to taste; the Polipo instance for Tor is configured the same way, with these lines added:
socksParentProxy = "localhost:9050"
socksProxyType = socks5
iptables
Probably the most important part; without it, nothing will work. Run the command:
sudo iptables -t nat -I PREROUTING -i _LANETH_ ! -d 192.168.4.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 8888
Here _LANETH_ is the server's LAN-facing network interface, and 192.168.4.0/24 is your local subnet.
That's all, actually! You can go to .i2p and .onion sites without additional browser settings from any device.