2014-11-22 47 views
-1

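How to direct all traffic through Tor on Kali Linux

I am new to Tor and Kali Linux. I have installed Kali Linux, installed Tor and downloaded the Tor bundle, but I realized that my traffic goes through Tor only when I browse with the Tor bundle browser, not with any other browser or application. Please, how do I pass all my network traffic on Kali Linux through the Tor network? Note that I am a newbie to Tor and Kali. Thanks.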

Answers

0

Add the following to your torrc:

AutomapHostsOnResolve 1 
DNSPort    53530 
TransPort    9040 

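Create a file containing your iptables rules. For IPv4: /etc/iptables.firewall.rules and for IPv6: /etc/ip6tables.firewall.rules

Now edit the IPv4 file and add something similar to the following (make sure to grep for the TODO items and follow the instructions):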

# Use the nat table to redirect some traffic to Tor

*nat 
:PREROUTING ACCEPT [0:0] 
:INPUT ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
:POSTROUTING ACCEPT [0:0] 

# Don't allow Tor traffic to get stuck in a redirect loop... 
# TODO: Is `tor' your actual Tor user? It might be `debian-tor' or `toranon' or something else. 
-A OUTPUT -m owner --uid-owner tor -j RETURN 

# Redirect DNS lookups to Tor. 
# TODO: Set this to your Tor DNSPort if it's not 53530. 
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53530 

# Do not redirect private networks or loopback. 
-A OUTPUT -d 10.0.0.0/8 -j RETURN 
-A OUTPUT -d 172.16.0.0/12 -j RETURN 
-A OUTPUT -d 192.168.0.0/16 -j RETURN 

# Redirect HS connections to the TransPort. 
-A OUTPUT -d 127.192.0.0/10 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040 

# Redirect all TCP traffic to Tor's TransPort. 
-A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040 

COMMIT 

# Only accept anonymized network traffic in the filter table. 

*filter 
:INPUT DROP [0:0] 
:FORWARD DROP [0:0] 
:OUTPUT DROP [0:0] 
:LAN - [0:0] 

# Allow loopback 
-A INPUT -i lo -j ACCEPT 

# Allow connections that are already established. 
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 

# Reject incoming connections. 
-A INPUT -p udp -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -p tcp -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset 
-A INPUT -j REJECT --reject-with icmp-port-unreachable 

# Accept network traffic for the Tor service itself. 
# TODO: Tor user? 
-A OUTPUT -m owner --uid-owner tor -j ACCEPT 

# Accept DNS requests to the Tor DNSPort. 
-A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 53530 -j ACCEPT 

# Accept outgoing traffic to the local Tor TransPort. 
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9040 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 

# Accept outgoing traffic to the local Tor SOCKSPorts. 
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9050 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9150 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT 

# Accept connections on private networks. 
-A OUTPUT -d 10.0.0.0/8 -j LAN 
-A OUTPUT -d 172.16.0.0/12 -j LAN 
-A OUTPUT -d 192.168.0.0/16 -j LAN 
-A LAN -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable 
-A LAN -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable 
-A LAN -j ACCEPT 

# Reject all other outgoing traffic. 
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable 

COMMIT 

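For the IPv6 file, you can do something similar with ip6tables, or just drop all IPv6 traffic.

Now set these rules to load at boot by creating the file /etc/network/if-pre-up.d/firewall with the following contents: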

#!/bin/sh 
/sbin/iptables-restore < /etc/iptables.firewall.rules 
/sbin/ip6tables-restore < /etc/ip6tables.firewall.rules 

Restart Tor if needed, and load the new firewall rules manually by executing the commands above.
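The TODO items in the rules above (the Tor user and the DNSPort) are where this setup most often drifts from torrc, and a mismatch either breaks name resolution or leaves traffic outside Tor. The following is an added example, not part of the original answer: a check that compares a torrc with an iptables-restore file before the rules are loaded. The function name `check_rules`, the sample inputs and the `debian-tor` account used in the demo are assumptions; pass the account Tor actually runs as on your system.

```python
import re

# Constructed sample inputs: the torrc options from the answer, and a rules
# excerpt with a wrong DNS redirect port and an ACCEPT policy on OUTPUT.
SAMPLE_TORRC = "AutomapHostsOnResolve 1\nDNSPort 53530\nTransPort 9040\n"
SAMPLE_RULES = """*nat
-A OUTPUT -m owner --uid-owner tor -j RETURN
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner tor -j ACCEPT
COMMIT
"""

def check_rules(torrc, rules, tor_user):
    """Return mismatches between torrc and an iptables-restore rules file."""
    opts, problems, table = {}, [], None
    for line in torrc.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2:
            # Keep only the port from an "address:port" value.
            opts[words[0]] = words[1].rsplit(":", 1)[-1]
    for line in map(str.strip, rules.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":") and table == "filter":
            chain, policy = line[1:].split()[:2]
            if chain in ("INPUT", "FORWARD", "OUTPUT") and policy != "DROP":
                problems.append(f"filter {chain} policy is {policy}, not DROP")
        elif line.startswith("-A"):
            owner = re.search(r"--uid-owner (\S+)", line)
            if owner and owner.group(1) != tor_user:
                problems.append(f"rule exempts uid {owner.group(1)}, not {tor_user}")
            redir = re.search(r"-p (udp|tcp) .*-j REDIRECT --to-ports (\d+)", line)
            if redir and table == "nat":
                proto, port = redir.groups()
                want = opts.get("DNSPort" if proto == "udp" else "TransPort")
                if port != want:
                    problems.append(f"{proto} redirect to {port}, torrc has {want}")
    if opts.get("AutomapHostsOnResolve") != "1":
        problems.append("AutomapHostsOnResolve is not 1")
    return problems

if __name__ == "__main__":
    for problem in check_rules(SAMPLE_TORRC, SAMPLE_RULES, "debian-tor"):
        print("MISMATCH:", problem)
```

The check only compares the values that appear in both files; it does not detect a redirect rule that is missing altogether.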
