Essentially, this tutorial just follows the tor "anonymizing middlebox" writeup here.
If you hate typing a lot, this script from breadk will do it all for you! Make sure to read through the script to make sure you don't want to change anything! (More about how to use it here!) We do suggest going step by step so you can have the experience of all the upkeep tasks.
We'll begin by installing tor - the onion routing software.
Log into your pi by Ethernet or console cable and run
sudo apt-get update
sudo apt-get install tor
sudo nano /etc/tor/torrc
and copy and paste the text into the top of the file, right below the FAQ notice.
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
Let's edit the host access point so it is called something memorable like Onion Pi - don't forget to set a good password, don't use the default here!
sudo nano /etc/hostapd/hostapd.conf
(Don't forget to do the AP setup step in "Preparation" before this!)
Type the following to flush the old rules from the ip NAT table
sudo iptables -F
sudo iptables -t nat -F
If you want to be able to ssh to your Pi after this, you'll need to add an exception for port 22 like this (not shown in the screenshot below)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
Type the following to route all DNS (UDP port 53) from interface wlan0 to internal port 53 (DNSPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
Type the following to route all TCP traffic from interface wlan0 to port 9040 (TransPort in our torrc)
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
Next you can check that the ip tables are right with
sudo iptables -t nat -L
Then save the rules to /etc/iptables.ipv4.nat
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
It will automatically get loaded when the networking is set up on reboot (as we did in the last tutorial on making a Pi access point)
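One way to confirm that the saved rules line up with the torrc, as an added example that is not part of the original tutorial or of breadk's script. The helpers check_redirects, torrc_port and first_rule are hypothetical names, and the torrc and iptables-save contents are constructed samples; on the Pi you would pass /etc/tor/torrc and /etc/iptables.ipv4.nat instead.

```shell
#!/bin/sh
# Added example: confirm that saved NAT rules send wlan0 traffic to the
# ports Tor listens on. Helper names and file contents are constructed.

# torrc_port KEY FILE: print the last port set for KEY (accepts addr:port)
torrc_port() { awk -v k="$1" '$1 == k { p = $2; sub(/.*:/, "", p) } END { print p }' "$2"; }

# first_rule REGEX FILE: print the line number of the first matching rule
first_rule() { grep -En -e "$1" "$2" | head -n 1 | cut -d: -f1; }

# check_redirects TORRC RULES [IFACE]: RULES is iptables-save output.
# Prints one line per problem; returns 0 only when none are found.
check_redirects() {
    iface=${3:-wlan0}
    trans=$(torrc_port TransPort "$1")
    dns=$(torrc_port DNSPort "$1")
    pre="^-A PREROUTING -i $iface -p"
    dns_at=$(first_rule "$pre udp .*--dport 53 -j REDIRECT --to-ports $dns\$" "$2")
    tcp_at=$(first_rule "$pre tcp .*(--syn|--tcp-flags FIN,SYN,RST,ACK SYN) -j REDIRECT --to-ports $trans\$" "$2")
    ssh_at=$(first_rule "$pre tcp .*--dport 22 -j REDIRECT --to-ports 22\$" "$2")
    bad=0
    [ -n "$dns_at" ] || { echo "no rule sends UDP 53 to DNSPort $dns"; bad=1; }
    [ -n "$tcp_at" ] || { echo "no rule sends TCP SYN to TransPort $trans"; bad=1; }
    # An ssh exception placed after the catch-all TCP rule is never reached
    if [ -n "$ssh_at" ] && [ -n "$tcp_at" ] && [ "$ssh_at" -gt "$tcp_at" ]; then
        echo "port 22 exception comes after the TransPort redirect"; bad=1
    fi
    return $bad
}

# Constructed sample input mirroring the torrc and rules from this page
demo=$(mktemp -d)
printf '%s\n' 'TransPort 9040' 'DNSPort 53' > "$demo/torrc"
cat > "$demo/rules" <<'EOF'
*nat
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
check_redirects "$demo/torrc" "$demo/rules" && echo "redirects match torrc"
```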
Create the log file named in the torrc and make it writable by the debian-tor user
sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log
Check it with
ls -l /var/log/tor
Start the tor service manually
sudo service tor start
Check it's really running (you can run this whenever you're not sure; if something is wrong you'll see a big FAIL notice)
sudo service tor status
Finally, make it start on boot
sudo update-rc.d tor enable