So if there is no match in the ipset then it should not reroute traffic. How will it be then? Some kind of if-else construction? Also, torproject.org is in the ipset; why is it not routed?
The iplist is empty. Go back here and verify you got all the steps right. If there are no entries in the iplist everything will be sent to tor. As for why some page is not working, this is something you'll have to troubleshoot in tor.
uci -q delete firewall.dns_int
uci set firewall.dns_int="redirect"
uci set firewall.dns_int.name="Intercept-DNS"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.dest_port="9053"
uci set firewall.dns_int.family="ipv4"
uci set firewall.dns_int.proto="udp"
uci set firewall.dns_int.target="DNAT"
uci -q delete firewall.tcp_int
uci set firewall.tcp_int="redirect"
uci set firewall.tcp_int.name="Intercept-TCP"
uci set firewall.tcp_int.src="lan"
uci set firewall.tcp_int.dest_port="9040"
uci set firewall.tcp_int.family="ipv4"
uci set firewall.tcp_int.proto="tcp"
uci set firewall.tcp_int.extra="--syn"
uci set firewall.tcp_int.target="DNAT"
uci commit firewall
/etc/init.d/firewall restart
8. Adding ipset route to /etc/config/firewall file
config ipset
    option enabled '1'
    option name 'routetotor'
    option match 'ip'
    option storage 'hash'

config redirect
    option src 'LAN'
    option name 'TorHTTP'
    option dest 'wan'
    option target 'DNAT'
    option ipset 'routetotor dest'
    list proto 'tcp'
    list proto 'udp'
    option src_dport '80'
    option dest_port '9040'

config redirect
    option src 'LAN'
    option name 'TorHTTPs'
    option dest 'wan'
    option target 'DNAT'
    option ipset 'routetotor dest'
    list proto 'tcp'
    list proto 'udp'
    option src_dport '443'
    option dest_port '9040'
Lower case letters, Linux is case sensitive. I fixed the wiki to avoid confusion. It would help though to restart the firewall instead of rebooting; you would see the error message.
I installed dnsmasq-full and followed the steps in the page, and I have this line in the firewall:
[0:0] -A zone_lan_prerouting -p tcp -m tcp --dport 80 -m set --match-set routetotor dst -m comment --comment "!fw3: TorHTTP" -j REDIRECT --to-ports 9040
Are there any hits in the iptables rules? I don't see any, all are [0:0]
Which IPs are in the ipset? ipset list routetotor
Which IPs are resolved for youtube? host youtube.com
I cannot help you much more unfortunately. You should have already understood how the redirect and the ipset work.
Verify on the tor server that only pages meant for tor are redirected.
Compare the IP addresses in the IPset with the IP addresses that you resolve for the sites you want to send to tor and sites that shouldn't go to tor. If some IP is used by both, then both sites will be sent to tor.
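The comparison described above (ipset members against the addresses each site resolves to), as an added example that is not part of the original thread. The function names, site names and sample addresses are constructed; only `ipset list routetotor` and `host` come from the thread.

```shell
#!/bin/sh
# Added example. SAMPLE_IPSET is constructed text in the layout printed by
# `ipset list routetotor`; the addresses are documentation ranges.
SAMPLE_IPSET='Name: routetotor
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
References: 2
Number of entries: 3
Members:
192.0.2.10
192.0.2.11
198.51.100.7'

# Read `ipset list <name>` output on stdin, print one member address per line.
ipset_members() {
    awk 'found && NF { print $1 } /^Members:/ { found = 1 }'
}

# overlap <members> <addresses>: print each address that is in the member list.
overlap() {
    for ip in $2; do
        if printf '%s\n' "$1" | grep -Fxq -- "$ip"; then
            printf '%s\n' "$ip"
        fi
    done
}

# check_site <name> <tor|direct> <members> <resolved addresses>
# Prints one line per address that will not take the intended path.
check_site() {
    hits=$(overlap "$3" "$4")
    case $2 in
        tor)    # every resolved address must be in the set
            for ip in $4; do
                printf '%s\n' "$hits" | grep -Fxq -- "$ip" ||
                    echo "$1: $ip not in set, goes direct"
            done ;;
        direct) # no resolved address may be in the set
            for ip in $hits; do
                echo "$1: $ip is in set, goes to tor"
            done ;;
    esac
    return 0
}

# On the router: members=$(ipset list routetotor | ipset_members)
# and take the addresses from `host <site>` for each site.
members=$(printf '%s\n' "$SAMPLE_IPSET" | ipset_members)
check_site tor-site.example tor "$members" "192.0.2.10 192.0.2.12"
check_site direct-site.example direct "$members" "198.51.100.7 203.0.113.5"
```

A line reported for a `direct` site is the shared-address case: that address is in the set, so the site is sent to tor along with the one it was added for.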
This is sending all the tcp traffic from lan to tor unconditionally. I don't remember advising you to use it, so I am not sure what it is doing there. If you want to access more protocols from tor you can use it.
YESS!! THAT WORK THANKS TRENDY!!! YOU ARE SO TRENDY
config redirect 'dns_int'
    option name 'Intercept-DNS'
    option src 'lan'
    option src_dport '53'
    option dest_port '9053'
    option family 'ipv4'
    option proto 'udp'
    option target 'DNAT'
    option ipset 'routetotor dest'

config redirect 'tcp_int'
    option name 'Intercept-TCP'
    option src 'lan'
    option dest_port '9040'
    option family 'ipv4'
    option proto 'tcp'
    option extra '--syn'
    option target 'DNAT'
    option ipset 'routetotor dest'
Tied DNS and TCP intercept to the ipset. Now ONLY selected addresses go to the tor route and ask for a captcha, which is normal when using tor :). Other sites like youtube have a direct connection to the web. Should I add this to the TOR client page, or start a new page?