2

For using Tor, I would like to use a separate user account on my Debian system:

  • Every Internet connection from this user account must go through Tor.
  • If something can’t be sent using Tor, it should be blocked.

Is this possible? If yes, is this advisable? Are there any pitfalls?

I can’t use a live system or virtualization, and I’d imagine (assuming that it’s technically possible) that a Tor-only user account is a suitable way to hinder applications leaking my IP address.

unor
  • 398
  • 1
  • 19
  • There is another question about doing this for all users via iptables somewhere (couldn't find it right away). If you can find that, its rules can probably be adapted to use the --uid-owner option. –  Dec 30 '14 at 14:28

2 Answers2

1

You can set the PROXY environment variable to use tor for this account in your ~/.bashrc file:

export http_proxy=http://DOMAIN\USERNAME:PASSWORD@SERVER:PORT/

It will work for some applications that read those variables but not for all.

You can also use iptables to filter packet sent by a specific user application. This will work if you run tor as root.

iptables -A OUTPUT -o ethX -m owner --uid-owner {USERNAME} -j DROP

But as servers and applications can be run by root and send TCP packet on user request, you may not be able to block everything. For example if you have a DNS server running on your machine. DNS request will be see by iptables as coming from root.

Sebastian
  • 2,229
  • 10
  • 26
John Hill
  • 56
  • 1
0

Your question is probably duplicate.

See, here is answer: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

And here: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy

The clear solution, anyway, is to use separate station, second computer for Tor, it is Isolating Proxy.

anonymousGuest
  • 1