Tor forced open Guest Network

AreYouShpongled

Occasional Visitor
Hello.
I have the AC88U with the latest merlin FW (380.66).
Do any of you guys know if I can create a script or whatever to force
all clients connected to an open guest network to use Tor?
 
Try this script. If it doesn't work, I will try to figure out why.
/jffs/scripts/enable_tor_for_guests.sh
https://cryptobin.co/a0y3u295, password is lol

Looks promising.
This requires the Tor service to be running already?
How do I turn on the Tor service without enabling Tor for br0? Maybe not the webgui?
I'm getting no internet connection for the guest network after running the script. Seems like the iptables function isn't working 100%?
 
How do I turn on the Tor service without enabling Tor for br0?
You may use this script instead of the WebUI to configure Tor. Run this script as-is to start Tor with no devices redirected. Un-comment the commit line if you want the change to stick. You know what to do...

/jffs/scripts/tor-configure.sh
Code:
#!/bin/sh
Tor_enable=1
Tor_redir_list="<" # No devices
#Tor_redir_list=".25-30 aa:bb:cc:dd:ee:ff .104 .114 .124" # Only specified devices
#Tor_redir_list="" # LAN(br0)
Tor_socksport=9050
Tor_dnsport=9053
Tor_transport=9040

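IPADDR="$(/usr/sbin/nvram get lan_ipaddr)"
# First three octets of the LAN address, e.g. 192.168.1
NETWORK="${IPADDR%.*}"
# Ensure a leading space so that every ".NNN" entry is preceded by a space
[ "${Tor_redir_list:0:1}" != " " ] && Tor_redir_list=" $Tor_redir_list"
# Expand the ".NNN" shorthand to full LAN addresses; the unquoted echo trims and collapses spaces
Tor_redir_list=$(/bin/echo ${Tor_redir_list// ./ ${NETWORK}.})
# The nvram value uses "<" as the separator between entries
Tor_redir_list="${Tor_redir_list// /<}"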
/usr/sbin/nvram set Tor_redir_list="$Tor_redir_list"
/usr/sbin/nvram set Tor_socksport="$Tor_socksport"
/usr/sbin/nvram set Tor_dnsport="$Tor_dnsport"
/usr/sbin/nvram set Tor_transport="$Tor_transport"
/usr/sbin/nvram set Tor_enable="$Tor_enable"
#/usr/sbin/nvram commit
/sbin/service restart_tor
 
Just out of interest, can I ask why you would do this? E.g. I assume you want to make the connected client device anonymous online, but why?
It's an idea I had to share and provide wireless internet with friends and family (and neighbours)
without worrying about my own security.
(If you have any thoughts on the possible stupidity of this, I'll be happy to learn about it.
Don't be shy :p)
 
Run this script as-is to start Tor with no devices redirected.

Thanks. Looks like Tor is running:
Code:
admin@RT-AC88U-XXXX:/jffs/scripts# ps w| grep Tor
25082 admin    17732 S    Tor -f /tmp/torrc --quiet

But the clue between my guest network (wl1.1), and Tor, does not work.
In fact, when I run the "enable"-script, the guest network loses internet access.
Shouldn't I see the bridge here:
Code:
admin@RT-AC88U-XXXX:/jffs/scripts# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

I'm sorry, but bridging and routing are not my strongest cards.
 
Code:
# show rules that redirect a guest interface through Tor
iptables -t nat -vnL PREROUTING

# show rules that block a guest interface from direct Internet access
iptables -vnL FORWARD

# show rules that un-bridge a guest interface from (br0) by protocol
ebtables -t broute -L

# merlin's default guest firewall rules would be empty
ebtables -L

# show Dnsmasq config
cat /etc/dnsmasq.conf

# show DHCP settings for the Tor-enabled guest networks
cat /tmp/dnsmasq.tor.conf
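
Added example, not part of the original thread: a shell function that reads the output of the rule-listing commands above and reports whether a guest interface has the TCP redirect, the DNS redirect and a blocking FORWARD rule. The rule shapes in the sample data are constructed, since the redirect script itself is not shown on this page; ports 9040 and 9053 are the Tor_transport and Tor_dnsport values from tor-configure.sh.

```shell
#!/bin/sh
# Added example: audit rule listings for a Tor-forced guest interface.
# Feed it:  iptables -t nat -S PREROUTING; iptables -S FORWARD

# check_tor_guest IFACE TRANSPORT DNSPORT   (rules on stdin)
# Prints one finding per line; returns 0 only when nothing is wrong.
check_tor_guest() {
    awk -v ifc="$1" -v tp="$2" -v dp="$3" '
    $1 != "-A" { next }
    { line = " " $0 " " }
    index(line, " -i " ifc " ") == 0 { next }   # keep rules bound to the guest interface
    $2 == "PREROUTING" && index(line, " -j REDIRECT ") {
        if (index(line, " -p tcp ") && index(line, " --to-ports " tp " ")) tcp = 1
        if (index(line, " -p udp ") && index(line, " --dport 53 ") &&
            index(line, " --to-ports " dp " ")) dns = 1
    }
    # The first verdict for the interface in FORWARD wins, so order matters.
    # A conditional ACCEPT is flagged too; review it by hand.
    $2 == "FORWARD" && verdict == "" {
        if (index(line, " -j ACCEPT ")) verdict = "accept"
        else if (index(line, " -j DROP ") || index(line, " -j REJECT ")) verdict = "drop"
    }
    END {
        if (!tcp) print "MISSING tcp-redirect"
        if (!dns) print "MISSING dns-redirect"
        if (verdict == "accept") print "LEAK forward-accept-before-drop"
        else if (verdict != "drop") print "MISSING forward-drop"
        exit !(tcp && dns && verdict == "drop")
    }'
}

# Constructed sample listings (assumed rule shapes, interface wl1.1).
GOOD_RULES='-A PREROUTING -i wl1.1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wl1.1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wl1.1 -j DROP'

LEAKY_RULES='-A PREROUTING -i wl1.1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A FORWARD -i wl1.1 -j ACCEPT
-A FORWARD -i wl1.1 -j DROP'

printf '%s\n' "$LEAKY_RULES" | check_tor_guest wl1.1 9040 9053 ||
    echo "wl1.1 is not fully forced through Tor"
```

A missing DNS redirect means guest lookups go to the normal resolver even when TCP is redirected, so treat that finding as a leak as well.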
 
Code:
Tor_enable=1
Tor_redir_list="00:0C:XX"
Tor_socksport=9050
Tor_dnsport=9053
Tor_transport=9040
IPADDR="$(nvram get lan_ipaddr)"
NETWORK="${IPADDR%.*}"
[ "${Tor_redir_list:0:1}" != " " ] && Tor_redir_list=" $Tor_redir_list"
Tor_redir_list=$(echo ${Tor_redir_list// ./ ${NETWORK}.})
Tor_redir_list="${Tor_redir_list// /<}"
nvram set Tor_redir_list="$Tor_redir_list"
nvram set Tor_socksport="$Tor_socksport"
nvram set Tor_dnsport="$Tor_dnsport"
nvram set Tor_transport="$Tor_transport"
nvram set Tor_enable="$Tor_enable"

#nvram set "Tor_redir_list=<[mac1]<[mac2]"
service restart_tor

It works well, thank you very much.
The new problem is that the router will issue the new MAC to the iPhone mobile when the SSID changed.
Can you show us the code by using NETWORK to get the MAC?
So the router will work better by MAC or by Network.
 
I mean I need the code to get MACs by the computer host name or by the iPhone mobile host name, and then add the MAC address to Tor_redir_list every time the router restarts.
Somebody also has this problem:
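
Added example, not part of the original thread: one way to turn host names into the `<mac1<mac2` form shown in the commented nvram line above, reading dnsmasq lease lines on stdin. The lease lines are constructed and the lease file path in the last comment is an assumption about the firmware; because the script comments say an empty list means the whole LAN (br0), the function emits `<` (no devices) when nothing matches.

```shell
#!/bin/sh
# Added example: build a Tor_redir_list value from DHCP host names.
# dnsmasq lease line format: expiry  mac  ip  hostname  client-id

# macs_for_hosts HOST...   (lease lines on stdin)
# Prints "<mac1<mac2" for the matching leases, or "<" when none match.
macs_for_hosts() {
    awk -v want="$*" '
    BEGIN {
        n = split(tolower(want), w, " ")
        for (i = 1; i <= n; i++) wanted[w[i]] = 1
    }
    # Host names are compared case-insensitively; each MAC is listed once.
    NF >= 4 && (tolower($4) in wanted) && !($2 in seen) {
        seen[$2] = 1
        found[tolower($4)] = 1
        list = list "<" $2
    }
    END {
        for (h in wanted)
            if (!(h in found)) print "no lease for " h > "/dev/stderr"
        # An empty value would select the whole LAN, so fall back to "<".
        if (list == "") list = "<"
        print list
    }'
}

# Constructed sample leases.
SAMPLE_LEASES='86400 aa:bb:cc:dd:ee:01 192.168.1.25 Johns-iPhone 01:aa:bb:cc:dd:ee:01
86400 aa:bb:cc:dd:ee:02 192.168.1.26 office-pc *
86400 aa:bb:cc:dd:ee:03 192.168.1.27 * *'

printf '%s\n' "$SAMPLE_LEASES" | macs_for_hosts Johns-iPhone tablet

# On the router (assumed lease path, not confirmed by this page):
#   nvram set Tor_redir_list="$(macs_for_hosts Johns-iPhone < /var/lib/misc/dnsmasq.leases)"
#   service restart_tor
```

Host names in a lease are supplied by the client, so a device that changes its name or has no current lease drops out of the list and is not redirected.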
 
