Transparent Proxy - secure, isolated box (JonDoBOX)


Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by sovereignpress » Tue Dec 16, 2014 21:12

I have been using this setup for about a year. HTTP and HTTPS work perfectly.
proper wrote: I mean, you first use iptables to redirect all the system's traffic ("Trans data stream") to redsocks, and redsocks forwards it to JonDo's http port (default: 4001)? (Obviously, JonDo's traffic however must be allowed to connect to the open internet. Be it run as a special user or on a gateway [vm] machine.) Right?
No need for Virtual Machine.

In my diagram, it is Redsocks that intercepts a given port and forwards it to a transport.

The same setup applies to SSH, Tor, JonDo, et al.

No leaks whatsoever.

You can even anonymize Bittorent with no leaks.

To use JonDo free services with Redsocks, you have to use the http-connect protocol, not SOCKS.

Remember, the free services do not support SOCKS, so in Redsocks you cannot use SOCKS. Use http-connect. For the premium services, you should use SOCKS5.

For performance reasons, the free services are not recommended, as they are slow.
http://www.sovereignpress.org - The Privacy Book.


Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by proper » Tue Dec 16, 2014 23:07

sovereignpress wrote: No leaks whatsoever.
Hard to say without any iptables to compare with.
sovereignpress wrote: To use JonDo free services with Redsocks, you have to use the http-connect protocol, not SOCKS. Remember, the free services do not support SOCKS, so in Redsocks you cannot use SOCKS. Use http-connect. For the premium services, you should use SOCKS5.
Indeed. Just remembered. JonDo free also supports http-connect.

But with JonDo free, you will only be able to connect to ports 80 and 443? An inherited limitation by JonDo free?

How do you resolve DNS? Using a public DNS server?

Because according to my research a few years ago ([general, any proxy] see https://www.whonix.org/wiki/Dev/Inspira ... ing_Method) it was not possible without using a public DNS server.


Re: Transparent Proxy - secure, isolated box (JonDoBOX)

Post by heddha » Tue Aug 16, 2016 13:25

Could someone tell me why it's important to configure iptables for a different user than the one JonDo runs on?
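
The redirect-plus-exemption arrangement discussed in this thread, written out as an added example (not code from any poster or from the JonDonym project). It assumes JonDo runs under a dedicated account named `jondo` and that redsocks listens on 127.0.0.1:12345; both values are hypothetical. It does not settle the DNS question raised above: anything that is not redirected TCP is refused.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for redsocks in front of JonDo.
# Assumed values (not from the thread): account "jondo", redsocks port 12345.

emit_rules() {
    user="${1:-jondo}"; port="${2:-12345}"
cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# Connections made by the JonDo account go to the mix cascade directly.
# Without this exemption they would be redirected back into redsocks and loop.
-A OUTPUT -m owner --uid-owner $user -j RETURN
# Loopback stays local (applications to redsocks, redsocks to JonDo on port 4001).
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# Every other locally generated TCP connection is handed to redsocks.
-A OUTPUT -p tcp -j REDIRECT --to-ports $port
COMMIT
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# Only the JonDo account may reach the open internet.
-A OUTPUT -m owner --uid-owner $user -j ACCEPT
# Whatever was not redirected (UDP, DNS, ICMP) is refused instead of leaking.
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Reads a ruleset on stdin; succeeds only if, in the nat table, the owner
# exemption is listed before the REDIRECT rule (rules match first to last).
exemption_first() {
    awk '
        /^\*/ { table = $0 }
        table == "*nat" && /--uid-owner/ && /-j RETURN/ && !ex { ex = NR }
        table == "*nat" && /-j REDIRECT/ && !rd { rd = NR }
        END { exit !(ex && rd && ex < rd) }
    '
}

# Print the ruleset only if the ordering check passes. Loading it replaces the
# current nat and filter rules, so dry-run it with: iptables-restore --test
emit_rules "$@" | exemption_first && emit_rules "$@"
```

The ordering check is the part that relates to the per-user question: if the exemption were keyed to the same account as the redirected applications, either everything would bypass redsocks or JonDo's own traffic would be redirected into itself.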
