TOR and Regular DNS in Ubuntu
This is a simple HOWTO to allow any program in Linux to resolve .onion addresses seamlessly, without proxy settings. I have been running this for over a year, and currently have 10 HS nodes. This, however, is EXPERIMENTAL.
The reason for this is that I wanted to run Node-RED and other applications and send data via Tor, while still being able to communicate with my Node-RED instance locally. Other programs I use don't always have a setting for a proxy. With this modification the local proxy is no longer needed, because the underlying resolver handles it for you.
Hazards: only connections to .onion addresses are redirected; standard IP traffic still goes through the standard network. In other words, if something on [key].onion calls out to google.com, the call to google goes over your NON-Tor link. DNS is similarly NOT PROTECTED: lookups for non-.onion names go to the upstream resolver in the clear, unless you are using a [dns server].onion and put that in your resolver.
To get started, install the following packages (Ubuntu, Debian):
sudo apt-get install tor iptables dnsmasq dnsutils
Add the following to the /etc/tor/torrc file:
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
DNSListenAddress 127.0.0.2
Now, restart Tor:
sudo service tor restart
Edit /etc/dnsmasq.conf and add the following:
listen-address=127.0.0.1
resolv-file=/etc/realresolv.conf
server=/onion/127.0.0.2
Make a new file called /etc/realresolv.conf containing the upstream resolver you want to use for non-.onion names (8.8.8.8 here, or whatever DNS server you choose):
nameserver 8.8.8.8
Restart DNSmasq:
sudo service dnsmasq restart
Run the iptables firewall update for the redirection:
sudo iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
This rule is lost on reboot, so it must be applied at every boot: add the following line to /etc/rc.local, ABOVE the "exit 0" line:
/sbin/iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
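As an added example (not part of the original HOWTO), the whole procedure above collected into one re-runnable shell script. It appends the torrc and dnsmasq fragments only if they are not already present, adds the NAT redirect only when it is missing (so it is safe to call from rc.local on every boot), and has a check mode that resolves names through dnsmasq and reports whether each answer falls in the 10.192.0.0/10 automap range (the connection will be redirected into Tor) or not (it will leave over the normal link, the hazard described earlier). The file paths, the 8.8.8.8 upstream, and the apply/check subcommands are assumptions; apply must run as root.

```shell
#!/bin/sh
# Added example, not code from the original HOWTO. Paths, ports and the
# 10.192.0.0/10 range follow the HOWTO; REALDNS and the subcommand names
# (apply / check) are assumptions you can change.
set -eu

TORRC=/etc/tor/torrc
DNSMASQ_CONF=/etc/dnsmasq.conf
REALRESOLV=/etc/realresolv.conf
REALDNS=8.8.8.8          # upstream for non-.onion names: these lookups do NOT go via Tor
VIRT_NET=10.192.0.0/10   # VirtualAddrNetworkIPv4: addresses Tor hands out for .onion names
TRANS_PORT=9040          # TransPort that the NAT rule redirects into

# torrc directives from the HOWTO, one per line.
torrc_fragment() {
    printf '%s\n' \
        "VirtualAddrNetworkIPv4 $VIRT_NET" \
        "AutomapHostsOnResolve 1" \
        "TransPort $TRANS_PORT" \
        "DNSPort 53" \
        "DNSListenAddress 127.0.0.2"
}

# dnsmasq lines: listen locally, send .onion to Tor's DNSPort, everything else upstream.
dnsmasq_fragment() {
    printf '%s\n' \
        "listen-address=127.0.0.1" \
        "resolv-file=$REALRESOLV" \
        "server=/onion/127.0.0.2"
}

# Append a fragment to FILE only if its first line is not already there (idempotent).
append_once() {   # append_once FILE "fragment text"
    first=$(printf '%s\n' "$2" | head -n 1)
    grep -qxF "$first" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Succeeds if IP is inside 10.192.0.0/10 (10.192.0.0 - 10.255.255.255):
# first octet 10, second octet with its top two bits set (192..255).
in_virtual_net() {
    ip=$1
    o1=${ip%%.*}
    rest=${ip#*.}
    o2=${rest%%.*}
    [ "$o1" = 10 ] || return 1
    case "$o2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o2" -ge 192 ] && [ "$o2" -le 255 ]
}

# Add the NAT redirect only if it is not present yet (-C checks, -A appends).
ensure_redirect_rule() {
    iptables -t nat -C OUTPUT -p tcp -d "$VIRT_NET" -j REDIRECT --to-ports "$TRANS_PORT" 2>/dev/null \
      || iptables -t nat -A OUTPUT -p tcp -d "$VIRT_NET" -j REDIRECT --to-ports "$TRANS_PORT"
}

# Resolve NAME through dnsmasq on 127.0.0.1 and report which path traffic to it will take.
check_path() {
    addr=$(dig +short "$1" @127.0.0.1 | head -n 1)
    if [ -z "$addr" ]; then
        echo "$1: no answer"
    elif in_virtual_net "$addr"; then
        echo "$1 -> $addr (Tor automap address, redirected to TransPort $TRANS_PORT)"
    else
        echo "$1 -> $addr (regular network, NOT via Tor)"
    fi
}

case "${1:-}" in
    apply)   # run as root: writes config, restarts services, installs the NAT rule
        append_once "$TORRC" "$(torrc_fragment)"
        append_once "$DNSMASQ_CONF" "$(dnsmasq_fragment)"
        [ -f "$REALRESOLV" ] || echo "nameserver $REALDNS" > "$REALRESOLV"
        service tor restart
        service dnsmasq restart
        ensure_redirect_rule ;;
    check)   # e.g.: ./tor-dns.sh check somehiddenservice.onion example.com
        shift; for name; do check_path "$name"; done ;;
esac
```

Because the script only adds the iptables rule when `-C` reports it missing, the rc.local line from the HOWTO can be replaced by a single call to the script with `apply`, and the check mode is a quick way to confirm after a reboot that .onion names still map into the automap range while ordinary names visibly do not.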