Articles tagged with iptables:

  • An ethernet Tor box

    You are without doubt already familiar with the Tor project. The Tor browser is already a very handy tool to surf anonymously, but what if we had an entire network's traffic forwarded through Tor via a special gateway? Let's transform a tiny router in a transparent Tor proxy, a portable Wifi access point redirecting all traffic to the Tor network!

    Tor logo

    Let's begin with a short presentation of one of my favorite hackable network devices: the TL-MR3020.

    TP-link TL-MR3020

    The portable 3G/4G wireless N router TL-MR3020 from TP-Link

    Despite being marketed as a portable 3G/4G wireless N router, it does not possess any kind of mobile telecommunication interface. Instead, it's a very small and cheap router featuring a 802.11n 150Mbps Wifi interface, a 100Mbps ethernet port, and a USB port. It is powered over a mini-B USB port and it has an extremely low power consumption with an average current draw around 120mA at 5V, i.e. 600mW. Its hardware is pretty limited: an Atheros AR9331 SoC with a 400MHz MIPS processor, 32MB of RAM, and 4MB of flash memory.

    The preliminary step for our Tor box is to install OpenWRT (this example uses Barrier Breaker) so we have a …


  • A smart VPN gateway

    My network setup at home is surprisingly pretty common: a DSL modem (VDSL2 actually) followed by a router featuring an ethernet switch and an 802.11n Wifi access point, configured as a NAT gateway.

    My home network setup before modifications

    My home network setup before modifications

    Let's imagine I'm in a country that doesn't care about the right to private life of its citizens and performs automated mass surveillance, on the pretext of fighting against terrorism or copyright infringement. A gloomy perspective for sure, but let's keep that as our work hypothesis, for what the future holds in store.

    Of course, I could just set up on every computer a VPN whose gateway happens to be in a foreign and more respectful country. However, multiple VPNs on multiple computers are a highly impractical setup for various reasons:

    • VPN configuration has to be done multiple times, and I'm allergic to repetitive tasks
    • The maximum number of concurrent connections is restricted by VPN service providers
    • Access to resources on a local network at the same time is a hassle and need specific configuration, like DNS settings

    So, why not install the VPN once and for all in a privacy-enhancing gateway? We will implement it in a clean, IPv6-compatible …


Categories
Tags
Feeds