Using Tor on LAN port

The Tor firmware downloaded from our website only routes connections from the SSID “Tor” to the Tor network. If you want to route all connections from the LAN to the Tor network, you need to duplicate the configuration for the LAN port. Here is the detailed guidance.

_**

**_

SSH to your router and modify the following files, then reboot the router. You can SSH to your router while connected to the SSID “openwrt”.

If you have set a password, use ssh:

$ ssh root@192.168.1.1

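If you haven’t set a password, use telnet. Telnet is unencrypted, so set a root password with `passwd` once you are logged in and use SSH from then on: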

$ telnet 192.168.1.1

/etc/config/network

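Comment out the red lines (shown below already commented out with a leading `#`) and add the green lines (the `tor1` interface section). The colour highlighting is lost in this copy.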

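# 'lan' keeps the admin address 192.168.1.1 but gives up the wired port:
# ifname and the bridge type are commented out so eth1 can be assigned to tor1.
# Quotes must be plain ASCII apostrophes; typographic quotes are not valid here.
config interface 'lan'
#       option ifname 'eth1'
        option force_link '1'
#       option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# New interface for the wired LAN port. Clients plugged into eth1 land in
# 172.16.2.0/24, the subnet the tor1 DHCP pool, firewall zone and torrc
# listen addresses on this page refer to.
# After the reboot the wired port belongs to the tor1 firewall zone, whose
# input policy is REJECT, so keep a working admin path (the page uses the
# "openwrt" SSID) before applying this.
config interface 'tor1'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '172.16.2.1'
        option netmask '255.255.255.0'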

/etc/config/dhcp

Add the following lines

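# DHCP pool for clients on the wired Tor interface (tor1, 172.16.2.1/24).
# The section name uses plain ASCII apostrophes; typographic quotes are not valid here.
config dhcp 'tor1'
        option interface tor1
        # start/limit: leases begin at host offset 100, at most 150 addresses
        # (172.16.2.100 - 172.16.2.249).
        option start 100
        option limit 150
        option leasetime 1h
        # NOTE(review): this enables IPv6 router advertisements on tor1, while
        # the tor1 interface has no IPv6 settings and the firewall rules and Tor
        # redirects on this page are IPv4-only; confirm RA is wanted here.
        option ra server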

/etc/config/firewall
Add all the following sections
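# Firewall zone for the wired Tor interface.
# input REJECT:   clients cannot reach services on the router itself, except
#                 through the explicit rules below.
# forward REJECT: nothing from this zone is routed straight to another zone,
#                 so traffic that is not redirected into Tor is rejected
#                 rather than leaving in the clear.
# Quotes must be plain ASCII apostrophes; typographic quotes are not valid here.
config zone
        option name 'tor1'
        option network 'tor1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option conntrack '1'

# Let clients obtain a lease from the router's DHCP server.
config rule
        option name 'Allow-Tor-DHCP'
        option src 'tor1'
        option proto 'udp'
        option dest_port '67'
        option target 'ACCEPT'
        option family 'ipv4'

# DNS queries redirected by /etc/firewall.user arrive on the router's input
# path with destination port 9053 (Tor's DNSPort), so that port must be open.
config rule
        option name 'Allow-Tor-DNS'
        option src 'tor1'
        option proto 'udp'
        option dest_port '9053'
        option target 'ACCEPT'
        option family 'ipv4'

# Same for TCP connections redirected to Tor's TransPort (9040).
config rule
        option name 'Allow-Tor-Transparent'
        option src 'tor1'
        option proto 'tcp'
        option dest_port '9040'
        option target 'ACCEPT'
        option family 'ipv4'

# Direct SOCKS access for clients that are configured to use the proxy.
# NOTE(review): the torrc excerpt on this page shows no SocksPort bound to
# 172.16.2.1; this rule only has an effect if Tor listens there. Confirm.
config rule
        option name 'Allow-Tor-SOCKS'
        option src 'tor1'
        option proto 'tcp'
        option dest_port '9050'
        option target 'ACCEPT'
        option family 'ipv4'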

/etc/firewall.user

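Add the green lines (the colour highlighting is lost in this copy; they are presumably the two rules that reference `eth1`)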


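# Redirect client DNS and TCP traffic into the local Tor daemon.
#
# Adds IPv4 nat-table PREROUTING rules for each Tor-facing interface:
#   - UDP port 53 (DNS)          -> local port 9053 (Tor DNSPort)
#   - new TCP connections (SYN)  -> local port 9040 (Tor TransPort)
# Only these two kinds of traffic are redirected. Anything else arriving on
# these interfaces is not sent through Tor and relies on the firewall zone
# policy (forward REJECT for tor1 on this page) to be rejected.
#
# Options use two ASCII hyphens (--dport, --syn, --to-ports); the
# typographic dashes a web page may substitute are not accepted by iptables.
enable_transparent_tor() {
  # Existing wireless interface (wlan0-1; presumably the "Tor" SSID).
  iptables -t nat -A PREROUTING -i wlan0-1 -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -A PREROUTING -i wlan0-1 -p tcp --syn -j REDIRECT --to-ports 9040
  # Wired LAN port (eth1, assigned to the tor1 interface in /etc/config/network).
  iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -A PREROUTING -i eth1 -p tcp --syn -j REDIRECT --to-ports 9040
}

enable_transparent_tor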

/etc/tor/torrc

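Add the green lines (the colour highlighting is lost in this copy; they are presumably the two lines that reference `172.16.2.1`)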

# Tor daemon settings for transparent proxying on the router.
# Run the daemon as the unprivileged 'tor' user.
User tor
# Address range Tor uses when it has to hand out a virtual IP for a hostname.
VirtualAddrNetwork 10.192.0.0/10
# Transparent proxy port; the iptables REDIRECT rule for TCP points here.
TransPort 9040
# 172.16.1.1 is presumably the existing Tor SSID interface (not shown on this
# page); 172.16.2.1 is the tor1 (wired LAN) address from /etc/config/network.
# NOTE(review): later Tor releases removed the *ListenAddress options in
# favour of giving the address on the port line (e.g. TransPort 172.16.2.1:9040);
# check which Tor version the firmware ships.
TransListenAddress 172.16.1.1
TransListenAddress 172.16.2.1                                         
# Tor's DNS resolver port; the iptables REDIRECT rule for UDP 53 points here.
DNSPort 9053
DNSListenAddress 172.16.1.1
DNSListenAddress 172.16.2.1