Changes between Version 14 and Version 15 of doc/DebianDreamPlug


Timestamp: Jul 8, 2011, 1:15:13 PM (8 years ago)
Author: runa
Comment:

--

  • doc/DebianDreamPlug

    v14 v15  
    310310== Step 13: Happy hacking ==
    311311
    312 At this point, you can do whatever you want. I suggest installing ''openssh-server'' so that you can drop the JTAG board and connect to the device via SSH. Have fun!
    313 
    314 = Happy extended hacking with Tor =
    315 
    316 There are a number of things you can do with Tor, and below are some examples.
    317 
    318 == Edit /etc/apt/sources.list and install Tor ==
    319 
    320 To make sure that you're running the latest stable version of Tor, edit the ''/etc/apt/sources.list'' to use the torproject.org package repository. See https://www.torproject.org/docs/debian.html.en for further instructions. Follow option two if you want the stable version, option three for the development branch.
    321 
    322 Once that's done, install ''tor'' and ''tor-geoipdb''.
    323 
    324 == Open Wifi that routes over Tor transparently ==
    325 
    326 This section seeks to enable devices that may be unable to run a native Tor or have questionable proxy support. This takes a page from the https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy page.
    327 
    328 You must have the '''uaputl''' binary compiled and ready for use (see Step 12 above). Additionally, we require AP support with the Marvell chipset.
    329 
    330 Install a small dhcpd server:
    331 {{{
    332 apt-get install udhcpd
    333 }}}
    334 
    335 Configure it '''/etc/udhcpd.conf''':
    336 {{{
    337 # Sample udhcpd configuration file (/etc/udhcpd.conf)
    338 
    339 # The start and end of the IP lease block
    340 start           172.16.23.10
    341 end             172.16.23.254
    342 
    343 # The interface that udhcpd will use
    344 interface       uap0
    345 
    346 # The maximim number of leases (includes addressesd reserved
    347 # by OFFER's, DECLINE's, and ARP conficts
    348 max_leases      244
    349 
    350 # If remaining is true (default), udhcpd will store the time
    351 # remaining for each lease in the udhcpd leases file. This is
    352 # for embedded systems that cannot keep time between reboots.
    353 # If you set remaining to no, the absolute time that the lease
    354 # expires at will be stored in the dhcpd.leases file.
    355 remaining       no
    356 
    357 # Use Tor's DNSPort and route via Tor
    358 opt     dns     172.16.23.1     
    359 option  subnet  255.255.255.0
    360 opt     router  172.16.23.1
    361 option  domain  local
    362 option  lease   864000          # 10 days of seconds
    363 }}}
    364 
    365 Enable it but disable logging in '''/etc/default/udhcpd''':
    366 {{{
    367 # Comment the following line to enable
    368 DHCPD_ENABLED="yes"
    369 
    370 # Options to pass to busybox' udhcpd.
    371 #
    372 # -S    Log to syslog
    373 # -f    run in foreground
    374 
    375 DHCPD_OPTS=""
    376 }}}
    377 
    378 Start it:
    379 {{{
    380 /etc/init.d/udhcpd start
    381 }}}
    382 
    383 This '''/etc/network/interfaces''' will automatically create the Wireless BSSID, forge the MAC address to something common (to resist SkyHook and similar services, reload Tor and have it bind to the uap0 interface with the proper firewall rules:
    384 {{{
    385 # This file describes the network interfaces available on your system
    386 # and how to activate them. For more information, see interfaces(5).
    387 
    388 # The loopback network interface
    389 auto lo
    390 iface lo inet loopback
    391 
    392 # The primary network interface
    393 auto eth0
    394 iface eth0 inet dhcp
    395 
    396 # The magic Tor wireless network someday
    397 auto uap0
    398 iface uap0 inet static
    399         address 172.16.23.1
    400         netmask 255.255.255.0
    401         network 172.16.23.0
    402         broadcast 172.16.23.255
    403         pre-up ifconfig uap0 hw ether 00:66:66:66:66:66
    404         post-up /etc/init.d/tor reload
    405         post-up /etc/init.d/udhcpd restart
    406         post-up /root/tor-wireless-firewall.sh
    407         post-up /root/uaputl/uaputl sys_cfg_ssid "torproject"
    408         post-up /root/uaputl/uaputl bss_start
    409         pre-down /root/uaputl/uaputl bss_stop
    410 }}}
    411 
    412 Here is the '''tor-wireless-firewall.sh''':
    413 
    414 {{{
    415 #!/bin/sh
    416 
    417 # destinations you don't want routed through Tor
    418 NON_TOR="10.0.2.0/24" # currently hard coded for the network on eth0 or eth1
    419 
    420 # Tor's TransPort
    421 TRANS_PORT="9040"
    422 
    423 # your internal interface
    424 INT_IF="uap0"
    425 
    426 iptables -F
    427 iptables -t nat -F
    428 
    429 for NET in $NON_TOR; do
    430   iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
    431 done
    432 iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
    433 iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
    434 }}}
    435 
    436 This is the required Tor configuration that belongs in '''/etc/tor/torrc''':
    437 {{{
    438 # middle box stuff
    439 VirtualAddrNetwork 10.192.0.0/10
    440 AutomapHostsOnResolve 1
    441 TransPort 9040
    442 TransListenAddress 172.16.23.1
    443 DNSPort 53
    444 DNSListenAddress 172.16.23.1
    445 }}}
    446 
    447 Now simply type '''ifup uap0''' and you'll see:
    448 {{{
    449 root@holoscanner:~# ifup uap0
    450 Reloading tor daemon configuration: tor.
    451 SSID setting successful
    452 BSS started!
    453 }}}
    454 
    455 You may stop the wifi network by running '''ifdown uap0''':
    456 {{{
    457 root@holoscanner:~# ifdown uap0
    458 BSS stopped!
    459 }}}
     312At this point, you can do whatever you want. I suggest installing ''openssh-server'' so that you can drop the JTAG board and connect to the device via SSH. You may also want to look at [https://trac.torproject.org/projects/tor/wiki/doc/TorDreamPlug] for instructions on how to install Tor, how to configure Tor as a bridge or a relay, how to set up an open Wifi that routes over Tor transparently etc.
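
Review bot: The new line 312 replaces the entire "Happy extended hacking with Tor" section (old lines 314-459) with a link to doc/TorDreamPlug, but nothing visible in this change shows that the udhcpd configuration, tor-wireless-firewall.sh and the torrc fragment actually exist on that page; confirm they were carried over before this lands, otherwise the only copy is in this page's history. If the text is being moved, that is the moment to fix what it carried: tor-wireless-firewall.sh flushes the filter and nat tables and then adds only nat PREROUTING redirects for UDP port 53 and TCP SYN, with no rule dropping other traffic that arrives on uap0; NON_TOR is hard-coded to 10.0.2.0/24; and the sentence introducing /etc/network/interfaces has an unclosed parenthesis after "SkyHook and similar services". On the new line itself, give the link a label, as in [https://trac.torproject.org/projects/tor/wiki/doc/TorDreamPlug the TorDreamPlug page], and put a comma before "etc.".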