TorBox on a Cloud fixes - have to be tested

radio24 · Sep 23, 2024 · 8296692 · 8296692
1 parent d43913c
commit 8296692
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 4 deletions.
diff --git a/bin/set_interfaces_2 b/bin/set_interfaces_2
@@ -201,6 +201,12 @@ $IPTABLES -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-fl
 
 ###### FORWARD chain ######
 echo -e "${RED}[+] Setting up FORWARD chain...${NOCOLOR}"
+# NEW v.0.5.4: Necessary for TorBox on a Cloud --> This rule allows the forwarding of network packets that come in via the Internet-interface and go out via the network- or VPN-interface. The packets have to belong to already established connections or are related to them.
+# -i is the interface with the Internet on it / -o is the interface where the clients are connected to the TorBox
+sudo $IPTABLES -I FORWARD -i $O_DEVICE -o $I_DEVICE1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+sudo $IPTABLES -I FORWARD -i $O_DEVICE -o $I_DEVICE2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+sudo $IPTABLES -I FORWARD -i $O_DEVICE -o $I_DEVICE3 -m state --state RELATED,ESTABLISHED -j ACCEPT
+
 # State tracking rules
 $IPTABLES -A FORWARD -m state --state INVALID -j DROP
 # Allow ICMP Ping

diff --git a/bin/set_interfaces_3 b/bin/set_interfaces_3
@@ -172,10 +172,11 @@ if [ "$FIRST_RUN" == "0" ]; then
  sudo $IPTABLES -t nat -A PREROUTING -i $I_DEVICE2 -m set ! --match-set $CLEARNET_LIST dst -p udp -j REDIRECT --to-port 9040
  sudo $IPTABLES -t nat -A PREROUTING -i $I_DEVICE3 -m set ! --match-set $CLEARNET_LIST dst -p udp -j REDIRECT --to-port 9040
 
+ # NEW v.0.5.4: These rules are newly implemented in set_interfaces_2
  # -i is the interface with the Internet on it / -o is the interface where the clients are connected to the TorBox
- sudo $IPTABLES -I FORWARD 1 -i $O_DEVICE -o $I_DEVICE1 -m state --state RELATED,ESTABLISHED -j ACCEPT
- sudo $IPTABLES -I FORWARD 2 -i $O_DEVICE -o $I_DEVICE2 -m state --state RELATED,ESTABLISHED -j ACCEPT
- sudo $IPTABLES -I FORWARD 3 -i $O_DEVICE -o $I_DEVICE3 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ # sudo $IPTABLES -I FORWARD 1 -i $O_DEVICE -o $I_DEVICE1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ # sudo $IPTABLES -I FORWARD 2 -i $O_DEVICE -o $I_DEVICE2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ # sudo $IPTABLES -I FORWARD 3 -i $O_DEVICE -o $I_DEVICE3 -m state --state RELATED,ESTABLISHED -j ACCEPT
 
  # -i is the interface where the clients are connected to the TorBox / -o is the interface with the Internet on it
  sudo $IPTABLES -A FORWARD -i $I_DEVICE1 -o $O_DEVICE -m set --match-set $CLEARNET_LIST dst -j ACCEPT

diff --git a/etc/iptables.ipv4-mini.nat b/etc/iptables.ipv4-mini.nat
@@ -19,6 +19,9 @@
 -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
 -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
+-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -m state --state INVALID -j DROP
 -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
 -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT

diff --git a/etc/iptables.ipv4.nat b/etc/iptables.ipv4.nat
@@ -19,6 +19,9 @@
 -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
 -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
+-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o tun1 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -m state --state INVALID -j DROP
 -A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
 -A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT

diff --git a/menu b/menu
@@ -312,8 +312,9 @@ else
  " 3" "Restart Tor - check if it is working (press q to quit)" \
  " 4" "Display the Tor log file - quick and dirty (press q to quit)" \
  "===" "===================================[Where is the Internet?]===" \
+ " 5" "Ethernet cable (eth0) or I'm on a cloud (tun1) "$FLASH_ETH0 \
  " " " " \
- " " "On TorBox on a Cloud, menu entry 5-10 are not available! " \
+ " " "On TorBox on a Cloud, menu entry 6-10 are not available! " \
  " " "For special requirements, please contact the TorBox " \
  " " "development team --> https://www.torbox.ch " \
  " " " " \