Regarding running bitmonerod through Tor, I can run it just fine with torsocks.
When launching bitmonerod I get a bunch of
libtorsocks(6718): WARNING: The symbol res_query() was not found in any shared library with the reported error: Not Found!
Also, we failed to find the symbol __res_query() with the reported error: Not Found
and a bunch of
libtorsocks(6716): sendto: Connection is a UDP or ICMP stream, may be a DNS request or other form of leak: rejecting.
but it runs well and syncs properly after that. All connected peers are reported as 127.0.0.1:9050.
I am not a friend of torsocks. I'd rather use TOR as a transparent proxy with this function embedded in TOR. I want to share the "how to" for the use case of a transparent proxy
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy on the local machine, where every TCP connection gets tunneled through TOR and the Monero wallet gets its connection through TOR, not a MINER!
This is intended for UNIX users, as MS does not support this function.
What we need is an up-to-date UNIX system; I run a Debian derivative.
You can use the TOR version of your distro; I would propose using the TOR repo.
1.) Go to the TOR homepage and add the TOR repo according to your distro
https://www.torproject.org/docs/installguide.html.en
If you use DEBIAN or UBUNTU-like systems, go to
https://www.torproject.org/docs/debian.html.en and choose your Distro.
After that, update your package management system
2.) Install the package TOR
3.) Add these lines in your
, on DEBIAN found at
VirtualAddrNetworkIPv4 172.16.0.0/12
TransPort 9040
DNSPort 9053
4.) Now we build two little scripts. The first one will reroute all traffic using iptables, the second one will establish the default settings.
5.) First script for rerouting everything through tor. (I recommend to place it at
/etc/tor/....) I will call it
transparent.bash, make it executable and run it with superuser privileges.
#!/bin/bash
# Let us call this script transparent.bash and do some netfilter rules on the local machine.
/etc/init.d/tor restart
# Load the Kernel modules
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc
modprobe ip_conntrack_ftp
modprobe iptable_filter
modprobe iptable_nat
modprobe ipt_REJECT
modprobe xt_recent
modprobe ipt_mac
# Remove all rules
iptables -F
iptables -t nat -F
iptables -X
# Default Policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow Established and Related connections
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow localhost loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
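# Ruleset for Tor Transparent Proxy
# nat table: leave loopback traffic and Tor's own traffic untouched
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner "debian-tor" -j RETURN
# Send DNS queries to Tor's DNSPort
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
# Do not redirect connections to local addresses
for NET in 127.0.0.0/9 127.128.0.0/10; do
  iptables -t nat -A OUTPUT -d $NET -j RETURN
done
# Redirect every new outgoing TCP connection to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040
# filter table: allow replies, Tor itself and local addresses, reject everything else
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner "debian-tor" -j ACCEPT
for NET in 127.0.0.0/8; do
  iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -j REJECT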
6.) The second script will establish the default settings. I will call it
, make it executable and run it with superuser privileges.
#!/bin/bash
/etc/init.d/tor stop
# Remove all rules
iptables -F
iptables -t nat -F
iptables -X
# Set the default policies
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
7.) Now we are done and we can start the transparent proxy with
sudo /etc/tor/transparent.bash
8.) Check your network for listening ports
...
...
...
tor 2626 debian-tor 7u IPv4 20176 0t0 TCP 127.0.0.1:9050 (LISTEN)
tor 2626 debian-tor 9u IPv4 20178 0t0 TCP 127.0.0.1:9040 (LISTEN)
tor 2626 debian-tor 10u IPv4 20179 0t0 TCP 127.0.0.1:9051 (LISTEN)
...
...
...
9.) Now run your Monero wallet, the output should look like this
2015-Jun-19 08:04:54.372705 Starting...
2015-Jun-19 08:04:54.392937 bitmonero v0.8.8.6-release
2015-Jun-19 08:04:54.394039 Module folder: ./bitmonerod
2015-Jun-19 08:04:54.407926 Initializing P2P server...
2015-Jun-19 08:04:54.463532 Binding on 0.0.0.0:18080
2015-Jun-19 08:04:54.463802 Net service bound to 0.0.0.0:18080
2015-Jun-19 08:04:54.463935 Attempting to add IGD port mapping.
sendto: Operation not permitted
2015-Jun-19 08:04:54.464228 No IGD was found.
2015-Jun-19 08:04:54.464295 P2P server initialized OK
2015-Jun-19 08:04:54.464359 Initializing protocol...
2015-Jun-19 08:04:54.464418 Protocol initialized OK
2015-Jun-19 08:04:54.464477 Initializing core RPC server...
2015-Jun-19 08:04:54.465166 Binding on 127.0.0.1:18081
2015-Jun-19 08:04:54.465324 Core RPC server initialized OK on port: 18081
2015-Jun-19 08:04:54.465439 Initializing core...
2015-Jun-19 08:04:54.476060 Loading blockchain...
2015-Jun-19 08:06:28.846042 Blockchain initialized. last block: 613635, d0.h13.m51.s3 time ago, current difficulty: 851672124
2015-Jun-19 08:06:28.855596 Core initialized OK
2015-Jun-19 08:06:28.855788 Starting core RPC server...
2015-Jun-19 08:06:28.855870 Run net_service loop( 2 threads)...
2015-Jun-19 08:06:28.858551 [SRV_MAIN]Core RPC server started ok
2015-Jun-19 08:06:28.858653 [SRV_MAIN]Starting P2P net loop...
2015-Jun-19 08:06:28.861161 [SRV_MAIN]Run net_service loop( 10 threads)...
2015-Jun-19 08:06:29.863692 [P2P9]
**********************************************************************
The daemon will start synchronizing with the network. It may take up to several hours.
You can set the level of process detailization* through "set_log " command*, where is between 0 (no details) and 4 (very verbose).
Use "help" command to see the list of available commands.
Note: in case you need to interrupt the process, use "exit" command. Otherwise, the current progress won't be saved.
**********************************************************************
2015-Jun-19 08:06:35.981690 [P2P8][37.113.141.135:18080 OUT]Sync data returned unknown top block: 613636 -> 614335 [699 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:06:59.457405 [P2P8][176.212.88.35:18080 OUT]Sync data returned unknown top block: 613836 -> 614335 [499 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:10.183810 [P2P7][91.153.201.68:18080 OUT]Sync data returned unknown top block: 613974 -> 614335 [361 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:10.690990 [P2P7][62.210.113.107:18080 OUT]Sync data returned unknown top block: 613981 -> 614335 [354 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:16.540999 [P2P4][108.24.83.254:18080 OUT]Sync data returned unknown top block: 614053 -> 614335 [282 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:17.144109 [P2P6][192.99.2.33:18080 OUT]Sync data returned unknown top block: 614062 -> 614335 [273 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:17.812554 [P2P4][109.254.61.223:18080 OUT]Sync data returned unknown top block: 614067 -> 614335 [268 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:36.303158 [P2P8][95.67.238.92:18080 OUT]Sync data returned unknown top block: 614314 -> 614335 [21 blocks (0 days) behind]
SYNCHRONIZATION started
2015-Jun-19 08:07:37.678838 [P2P4][37.113.141.135:18080 OUT] SYNCHRONIZED OK
2015-Jun-19 08:07:37.680811 [P2P4]
**********************************************************************
You are now synchronized with the network. You may now start simplewallet.
Please note, that the blockchain will be saved only after you quit the daemon with "exit" command or if you use "save" command.
Otherwise, you will possibly need to synchronize the blockchain again.
Use "help" command to see the list of available commands.
**********************************************************************
10.) You should be safe from getting your errors from torsocks and run TOR and the wallet properly.
11.) If you want to stop the transparent proxy, just run
Your listening ports should not indicate any TOR connection
Happy Moneroj with TOR
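
Added example (not part of the original posts): a way to check that the rules loaded by transparent.bash really force traffic through Tor, by auditing `iptables-save` output. The function name, the sample rulesets and uid 108 are constructed for illustration; ports 9040 and 9053 are the torrc values from step 3.

```shell
#!/bin/bash
# Added example: audit `iptables-save` text against the transparent-proxy layout.
# Assumed ports (from the torrc lines in the post): TransPort 9040, DNSPort 9053.
audit_ruleset() {
    awk -v trans=9040 -v dns=9053 '
    /^\*/ { table = substr($0, 2); next }              # table header, e.g. *nat
    table == "filter" && /^:OUTPUT / { policy = $2 }   # chain policy line
    table == "filter" && /^-A OUTPUT / { last = $0 }   # remember the final rule
    table == "nat" && /^-A OUTPUT / {
        n++                                            # position in nat OUTPUT
        if (/--uid-owner/ && /-j RETURN/ && !exempt) exempt = n
        if (/-p udp/ && /--dport 53 / && $0 ~ ("--to-ports " dns "( |$)")) dnsr = n
        if (/-p tcp/ && $0 ~ ("--to-ports " trans "( |$)") && !tcpr) tcpr = n
    }
    END {
        if (policy != "DROP" && last !~ /^-A OUTPUT -j (REJECT|DROP)/) {
            print "FAIL: filter OUTPUT is not default-deny"; bad++ }
        if (!dnsr) { print "FAIL: no UDP/53 redirect to DNSPort " dns; bad++ }
        if (!tcpr) { print "FAIL: no TCP redirect to TransPort " trans; bad++ }
        if (!exempt) { print "FAIL: no uid-owner exemption for the Tor user"; bad++ }
        else if (tcpr && exempt > tcpr) {
            print "FAIL: Tor exemption comes after the TCP redirect"; bad++ }
        if (!bad) print "OK: ruleset matches the transparent-proxy layout"
        exit (bad ? 1 : 0)
    }'
}
# Constructed sample: iptables-save output after transparent.bash (uid 108 is made up).
sample_good() { cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j RETURN
-A OUTPUT -m owner --uid-owner 108 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# Constructed sample: state after the reset script (rules flushed, ACCEPT policies).
sample_reset() { printf '*nat\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n*filter\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n'; }
```

On a live host, run `iptables-save | audit_ruleset` as root after starting the transparent proxy. The rules in the post are IPv4-only; IPv6 traffic is governed by ip6tables, so inspect `ip6tables-save` separately.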