[CoLoCo] Help with iptables
Ringo Kamens
ringo at coimc.org
Fri Oct 3 22:47:18 BST 2008
Jim Hutchinson wrote:
> On Fri, Oct 3, 2008 at 12:44 AM, Ringo Kamens <ringo at coimc.org> wrote:
>
>> Hey iptables Gurus!
>>
>> I'm trying to set up a LVM (using qemu) that routes all traffic through
>> tor (torproject.org). I heard that you can use iptables to route all of
>> a particular user's traffic to a specific location. In this case, I
>> would like to forward *all* requests to localhost:9050 which is a
>> socks4a proxy. If the proxy doesn't know what to do with it, that's fine
>> in which case I'd just like the requests to die there.
>
>
> Firestarter is a front end for iptables and may be easier to figure out. I
> don't find iptables at all easy to use. However, if you just want to use a
> socks proxy on web traffic you can set that up easily in firefox. I'm not
> sure what other traffic you would want to proxy but if it's just web then
> the firefox way is much easier.
>
>
My idea was to set up a qemu virtual machine so that *all* traffic from
that machine (firefox, updates, nmap, etc.) would be routed through a
proxy transparently without me having to input proxy settings. This way,
it would defend me against DNS leaks and the possibility that my machine
is exploited. That way, if I'm surfing the web anonymously and my
machine is hacked, they won't be able to do a ping adversary.com and
crack my anonymity protection. Also, this would allow me to use flash,
etc. over tor. This is really just something I'm doing as a
proof-of-concept. I know it's been done before but I'd like to do it for
myself just for the experience.
Ringo
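The per-user redirection discussed in this thread, as an added example that is not part of either poster's message. A REDIRECT straight to the SOCKS port would not work because the redirected client never speaks SOCKS, so this assumes Tor's `TransPort` and `DNSPort` options (9040 and 5353 are assumed values) and qemu user-mode networking run under a dedicated account, here the hypothetical `qemu-tor`. The function only prints the commands for review; anything the account sends that is not redirected into Tor is rejected.

```shell
#!/bin/sh
# Added example: prints iptables commands, applies nothing.
# Assumptions (not from the thread): torrc has "TransPort 9040" and
# "DNSPort 5353"; qemu uses user-mode networking, so guest traffic leaves
# the host as sockets owned by the account that runs qemu.

torify_rules() {
    uid="$1"                 # account (name or numeric uid) that runs qemu
    trans_port="${2:-9040}"  # Tor TransPort (assumed value)
    dns_port="${3:-5353}"    # Tor DNSPort (assumed value)

    # Refuse empty or option-like values before they reach a command line.
    case "$uid" in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad uid: $uid" >&2; return 1 ;;
    esac
    for p in "$trans_port" "$dns_port"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
    done

    # nat/OUTPUT runs before filter/OUTPUT, so the filter rules see the
    # rewritten destination (127.0.0.1 plus the Tor port).
    cat <<EOF
iptables -t nat -A OUTPUT -m owner --uid-owner $uid -p udp --dport 53 -j REDIRECT --to-ports $dns_port
iptables -t nat -A OUTPUT -m owner --uid-owner $uid -p tcp --syn -j REDIRECT --to-ports $trans_port
iptables -A OUTPUT -m owner --uid-owner $uid -d 127.0.0.1 -p tcp --dport $trans_port -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $uid -d 127.0.0.1 -p udp --dport $dns_port -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT
ip6tables -A OUTPUT -m owner --uid-owner $uid -j REJECT
EOF
}

# Print the rules for the hypothetical account when run directly.
torify_rules "${1:-qemu-tor}"
```

The final REJECT rules are what make ICMP, non-DNS UDP and all IPv6 from that account fail on the host instead of leaving it directly.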