I have been trying to get Privoxy to work with the transparent Tor I have going on, but without success.
It's a bit of a complicated situation I have, but I am hoping for it to remain transparent as well, and preferably with a switch in the OpenWrt GUI to enable or disable Privoxy if possible, i.e. stop Privoxy and it will remain using Tor.
This is the setup I got going: https://pastebin.com/m7CRT0qH.
What I basically tried in the setup: Privoxy socks5t to 192.168.0.198:8118 and 192.168.2.1:8118,
the same for the listening ports, and messed around with forwarding ports, but all without luck.
So the idea is, since Tor does not filter ads (I got adblock in), to have Privoxy alter the websites and remove ads there as well. I'm pretty sure this will break some sites; that's why a nice stop of the service while Tor remains intact would be perfect. With trying to get wifi over Tor to work, people already helped me, as that wiki is aimed at people who use OpenWrt as a router. Initially it was set up as a switch, so now it's sort of half a router (so Tor over wifi works), and LAN is handled by my other router; that part is still in "switch" mode.
I don't understand this...unless you're simply trying to anonymize your DNS requests too. Just have DNS lookups as normal and only route browsing into Tor.
I already run dnscrypt so adblock works, and no, it wasn't a separate question, just what already happened here on the forum some days ago getting me set up so Tor over wifi works. Now I just wanna add Privoxy to it so ads will also be removed from webpages as well; at least that's the idea.
No worries, already appreciate the help and insight.
So not sure I'm actually solving anything, more a thing I wanna try.
So right now it's wifi over Tor + adblock with dnscrypt, else that adblock didn't work.
This setup works fine; it blocks most ads at the DNS level, so that's good so far.
Now I wanted to add Privoxy to this so Privoxy modifies the empty boxes or what the DNS missed, removes that from the website, then goes through Tor to send the final results to me.
And since the setup for me was complicated enough that I needed help with wifi over Tor, I provided the pastebin with the config of the setup.
Edit: yes, exactly, connect Privoxy to the working Tor; I did this in the setup (socks5t) but it doesn't work.
So to make sure Privoxy isn't just there for show I put in the proxy address of Privoxy on the PC, and traffic shows in the logs of Privoxy, just not when using wifi devices: it's Tor only, and Privoxy, I don't know why, gets ignored.
No, just this thread; this is the thread where I asked for help on how I can get Privoxy to work with Tor on the setup I got. With the edit I thought you meant simply point Privoxy to Tor with the socks5t and all will work, which isn't the case.
Can we see the relevant configs that [improperly don't] direct this traffic into Tor?
(Disregard...I see you posted something in UCI syntax, I know the file-edit method better...so taking some time to read...as I also have to guess what said "relevant configs" would be ).
...sending traffic to the proper place I assumed was done and you just wanted non encrypted-encrypted DNS or something. My apologies.
The DNS is fine; the pastebin I copied in an earlier reply is the current setup I have.
I'm pretty sure what I tried with the redirect traffic is where things also went wrong; I kept breaking more than doing good, so I gave up, posted here for help and restored to the previous (these) settings.
Edit: After some more fiddling today I got it working finally, thanks again to all those who chimed in.
Edit2: OK, it didn't work, the iPad was being stupid; thought I finally had it. Help still welcome lol.
I've been running Tor & Privoxy for years on OpenWrt.
You should NOT use DNS when using Tor.
All clients need proxy adjustments, or no internet is available.
Or you only want Tor active on wlan? Normally on all LAN side (lan & wlan) you should run Tor.
My clients only get IP, subnet & gateway. NO DNS!
Client requests first go through Privoxy, then through Tor to internet.
Privoxy settings:
Forwarding Socks 5t: / 192.168.100.1:9050 .
( Space after last dot ! This is the clients Socks 5t redirect ip:port )
Firewall, Custom Rules active (last 2 rules):
# Redirection rules for Transparent Tor
iptables -t nat -A PREROUTING -i lan -p udp --dport 53 -j REDIRECT --to-port 9053
iptables -t nat -A PREROUTING -i lan -p tcp --syn -j REDIRECT --to-port 9040
Thank you for the replies. The reason I use DNS is for adblock; Tor makes it useless, and the way I have that working now is with dnscrypt, so anonymity is still fine while adblock does its thing.
I've tried / 192.168.100.1:9050 . as well; it doesn't work, at least for me. The slight success I've had messing around with port forwarding (I want it to be transparent, no messing around in browsers) is that HTTP sites did work, i.e. neverssl.com, but HTTPS, everything else basically, fails and I don't know why.
I'm not quite sure why dnscrypt and adblock work with the settings I got, but as far as I can tell and test with a site here and there it does, so I'm just gonna leave that alone as it seems to work.
Edit: I have tried the commands provided but they error out.
root@OpenWrt:~# iptables -t nat -A PREROUTING -i lan -p udp .dport 53 -j REDIRECT .to-port 9053
Bad argument .dport' Try iptables -h' or 'iptables --help' for more information.
root@OpenWrt:~# iptables -t nat -A PREROUTING -i lan -p tcp .syn -j REDIRECT .to-port 9040
Bad argument .syn' Try iptables -h' or 'iptables --help' for more information.
Edit2: OK, I see it translated the - to . but replacing that still errors; I'm not familiar at all with commands so not sure why that is.
iptables -t nat -A PREROUTING -i lan -p udp -dport 53 -j REDIRECT -to-port 9053
Edit3: Tried putting it in Firewall > Custom Rules. Turned off the router and back on, disabled all other port forwarding rules I had before, and it doesn't work at all. Looked in the system and kernel log to see if the 2 custom rules would show up there; they don't. I'm not sure if this is normal or not.
Thanks for the insight. I did see the forum did translate another - to a weird longer stripe, so I went ahead and replaced them; the result is still the same, nothing works. I have the right IP in Privoxy. I don't wanna mess with the "config interface" stuff as I bet that would break everything; that's why I posted the config I have running, as it's an odd one. I'll take a look at that torrc file; I thought that would be fine, as wifi+Tor just works fine, just when I add Privoxy in it nothing works, or only HTTP sites, which barely exist.
Also in Privoxy I seem to get socks5t-forward error 503, negotiation got aborted by the server.
I do have this in the file for Tor: SOCKSPolicy accept 192.168.0.0/16; router IP is on 192.168.0.198.
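The iptables errors in the posts above come from character substitution in copied rules: a long dash or a "." where "--" belongs, or a long option retyped with a single "-". As an added example (not code from any poster in this thread; the function names are hypothetical and the sample rules are constructed), this POSIX shell script restores typographic dashes and flags tokens iptables cannot parse before a rule is pasted into Custom Rules:

```shell
#!/bin/sh
# Added example, not from the thread: repair and lint pasted iptables rules.

# Constructed input showing the manglings discussed in this thread:
# en/em dashes, '.' in place of '-', and long options with a single '-'.
mangled_rules() {
cat <<'EOF'
iptables -t nat -A PREROUTING -i lan -p udp –dport 53 -j REDIRECT –to-port 9053
iptables -t nat -A PREROUTING -i lan -p tcp —syn -j REDIRECT –to-port 9040
iptables -t nat -A PREROUTING -i lan -p udp .dport 53 -j REDIRECT .to-port 9053
iptables -t nat -A PREROUTING -i lan -p udp -dport 53 -j REDIRECT -to-port 9053
EOF
}

# Typographic dashes stand in for "--"; turn them back into ASCII.
# A leading '.' is left alone (dots are legitimate in addresses) and
# is reported by lint_rules instead.
fix_dashes() {
    sed -e 's/–/--/g' -e 's/—/--/g'
}

# Report tokens that cannot be valid options: non-ASCII bytes, a leading '.',
# or a multi-letter option with one '-' (iptables short options are 1 letter).
lint_rules() {
    LC_ALL=C awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /[^ -~]/ || $i ~ /^\.[a-z]/ || $i ~ /^-[a-z][a-z-]+$/)
                printf "line %d: suspect token \"%s\"\n", NR, $i
    }'
}

# Number of suspect tokens in the rules on stdin.
count_suspect() {
    lint_rules | awk 'END { print NR }'
}

echo "before repair: $(mangled_rules | count_suspect) suspect tokens"
mangled_rules | fix_dashes | lint_rules
```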
From my virtual OpenWrt Tor Network, file: torrc has been adjusted:
SOCKSPort 192.168.3.1:9050 # Default: Bind to localhost:9050 for local connections.
VirtualAddrNetwork 10.193.54.0/16 # The virtual Tor ip on OpenWrt
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 9053
Privoxy log (start):
2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Privoxy version 3.0.28
2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Program name: /usr/sbin/privoxy
2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Loading filter file: /etc/privoxy/default.filter
2021-02-26 10:53:38.042 7fa9a49b9d68 Info: Loading actions file: /etc/privoxy/match-all.action
2021-02-26 10:53:38.042 7fa9a49b9d68 Info: Loading actions file: /etc/privoxy/default.action
2021-02-26 10:53:38.044 7fa9a49b9d68 Info: Listening on port 8118 on IP address 192.168.3.1
...
/var/log/notices (Tor log):
# cat /var/log/tor/notices.log
Feb 26 10:51:27.000 [notice] Tor 0.4.5.6 opening new log file.
Feb 26 10:51:27.235 [notice] We compiled with OpenSSL 1010109f: OpenSSL 1.1.1i 8 Dec 2020 and we are running with OpenSSL 1010109f: 1.1.1i. These two versions should be binary compatible.
Feb 26 10:51:27.246 [notice] Tor 0.4.5.6 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1i, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Feb 26 10:51:27.246 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 26 10:51:27.246 [notice] Read configuration file "/tmp/torrc".
Feb 26 10:51:27.247 [notice] Processing configuration path "/etc/tor/torrc" at recursion level 1.
Feb 26 10:51:27.247 [notice] Including configuration file "/etc/tor/torrc".
Feb 26 10:51:27.249 [notice] You configured a non-loopback address '192.168.3.1:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Feb 26 10:51:27.249 [notice] Opening Socks listener on 192.168.3.1:9050
Feb 26 10:51:27.249 [notice] Opened Socks listener connection (ready) on 192.168.3.1:9050
Feb 26 10:51:27.249 [notice] Opening DNS listener on 127.0.0.1:9053
Feb 26 10:51:27.249 [notice] Opened DNS listener connection (ready) on 127.0.0.1:9053
Feb 26 10:51:27.249 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Feb 26 10:51:27.249 [notice] Opened Transparent pf/netfilter listener connection (ready) on 127.0.0.1:9040
Feb 26 10:51:27.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 26 10:51:27.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 26 10:51:27.000 [notice] Bootstrapped 0% (starting): Starting
Feb 26 10:51:27.000 [notice] Starting with guard context "default"
Feb 26 10:51:28.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Feb 26 10:51:29.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Feb 26 10:51:29.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
...
Feb 26 10:51:52.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Feb 26 10:51:52.000 [notice] Bootstrapped 100% (done): Done
Configure interface, is just 'Add new interface' on GUI with only an ip address (for Tor), no device attached. This should not interfere with existing interfaces.
Also the Firewall Zone settings should have the Tor interface (accept accept rejected)
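The Tor log above records the address each listener is bound to, which decides whether a redirected or proxied connection is accepted or refused. As an added example (not code from any poster in this thread; the function names are hypothetical, the sample lines follow the log format quoted above, and 192.168.3.1 is assumed to be the LAN interface's primary address), this POSIX shell script extracts the listeners and reports, for a given REDIRECT target port, whether a listener exists on the address REDIRECT rewrites packets to:

```shell
#!/bin/sh
# Added example, not from the thread: check Tor listener bind addresses
# against what an iptables REDIRECT rule on the LAN interface will hit.

# Constructed sample in the format of the notices log quoted above.
sample_log() {
cat <<'EOF'
Feb 26 10:51:27.249 [notice] Opening Socks listener on 192.168.3.1:9050
Feb 26 10:51:27.249 [notice] Opened Socks listener connection (ready) on 192.168.3.1:9050
Feb 26 10:51:27.249 [notice] Opened DNS listener connection (ready) on 127.0.0.1:9053
Feb 26 10:51:27.249 [notice] Opened Transparent pf/netfilter listener connection (ready) on 127.0.0.1:9040
Feb 26 10:51:52.000 [notice] Bootstrapped 100% (done): Done
EOF
}

# stdin: Tor notices log. stdout: "<type> <addr> <port>" per opened listener.
tor_listeners() {
    awk '/\[notice\] Opened .* listener connection \(ready\) on / {
        port = $NF; sub(/^.*:/, "", port)
        addr = $NF; sub(/:[0-9]+$/, "", addr)
        print $6, addr, port
    }'
}

# redirect_verdict LAN_IP PORT   (log on stdin)
# REDIRECT in PREROUTING rewrites the destination to the primary address of
# the incoming interface, so only a listener on LAN_IP or 0.0.0.0 is hit.
redirect_verdict() {
    tor_listeners | awk -v ip="$1" -v port="$2" '
        $3 != port { next }
        $2 == ip || $2 == "0.0.0.0" { v = "reachable"; exit }
        v == "" { v = ($2 ~ /^127\./) ? "loopback-only" : "other-address" }
        END { print (v == "" ? "no-listener" : v) }'
}

# Socks listeners reachable from the network (what Tor's notice warns about).
socks_exposed() {
    tor_listeners | awk '$1 == "Socks" && $2 !~ /^127\./ { print $2 ":" $3 }'
}

for p in 9040 9053 9050; do
    echo "REDIRECT to port $p: $(sample_log | redirect_verdict 192.168.3.1 "$p")"
done
echo "network-reachable Socks: $(sample_log | socks_exposed)"
```

On the router, the same functions can read the real log on stdin, for example from /var/log/tor/notices.log when file logging is enabled in torrc.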
OK, that helped immensely. I don't have the Tor log in var/log/notices or anywhere there.
I somehow keep getting refused by Tor; just tried to set it up as a proxy in Firefox but connection refused.
A log file would be helpful I bet; ran a full ftpsearch (I don't know commands, let alone Linux), "notices" does not exist. So I have no idea why it's refusing when I have 2 socksports specified. This is on a Fritzbox 4040; I'm not sure this matters, but I'd almost blame the Tor here.
Any ideas still welcome as to what I can try, but I think all is covered now; it just refuses it when it shouldn't.
Normally Tor writes its log to syslog.
It's in torrc file, to set the log to /var/log/notices.log.
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr
Btw, I've OpenWrt with Privoxy & Tor also running on a Fritz!Box4040
And on ZyXEL P-2812HNU-F1 and on virtual machines...
Ah OK, so can't blame the Fritz then lol. I've tried top and ps; I don't see Tor running, not sure this is normal.
Also don't know a better way to filter Tor as a running process, if it's running or not.