How can VM traffic be routed through Tor as it leaves a virtual interface?

Discussions related to using VirtualBox on Linux hosts.

Post by cuckoo

Hi, I have a Windows VM in an Ubuntu host and have configured a virtual interface (vboxnet0) for a host-only VM. I have a program sniffing the VM traffic as it goes through vboxnet0. I'd like to route the network traffic through this interface and, as traffic leaves the interface, have it routed by the Tor protocol. I have installed a script from GitHub (toriptables3) to install the appropriate iptables rules and have tried to add my own rules to have Tor route the VM's traffic. Tor is enabled on the host but it doesn't work for my VM (which is still using my public IP address). I would really appreciate it if somebody could help me out. Below you can see the iptables rules loaded by toriptables3:


*filter
:INPUT ACCEPT [1834:1987621]
:FORWARD DROP [1211:93812]
:OUTPUT ACCEPT [0:0]
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags FIN,ACK FIN,ACK -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/9 -j ACCEPT
-A OUTPUT -d 127.128.0.0/10 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -m owner --uid-owner 129 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat Aug  6 15:58:37 2022
# Generated by iptables-save v1.8.4 on Sat Aug  6 15:58:37 2022
*nat
:PREROUTING ACCEPT [87:9285]
:INPUT ACCEPT [17:4469]
:OUTPUT ACCEPT [3:193]
:POSTROUTING ACCEPT [41:2863]
-A OUTPUT -m owner --uid-owner 129 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 127.0.0.0/9 -j RETURN
-A OUTPUT -d 127.128.0.0/10 -j RETURN
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -d 172.16.0.0/12 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
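An added diagnostic, not part of the original post or of toriptables3: it parses an iptables-save dump and lists which nat chains carry the Tor REDIRECT rules. In the posted ruleset they sit only in nat OUTPUT, which sees packets generated on the host itself; packets arriving from the VM on vboxnet0 traverse nat PREROUTING, which is empty. The WITH_PREROUTING rules and the simplified matching (only -i, -p, -j and --to-ports are read; earlier RETURN rules are ignored) are assumptions made for this example.

```python
import shlex

# Constructed input: the *nat table from the post, reduced to the rules that matter here.
POSTED_NAT = """\
*nat
:PREROUTING ACCEPT [87:9285]
:OUTPUT ACCEPT [3:193]
-A OUTPUT -m owner --uid-owner 129 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
"""
# Constructed comparison (an assumption, not rules from the post): the same
# redirects attached to PREROUTING for packets that arrive on vboxnet0.
WITH_PREROUTING = POSTED_NAT.replace("COMMIT", """\
-A PREROUTING -i vboxnet0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i vboxnet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT""")

def parse_rules(dump):
    """Map (table, chain) -> list of rule dicts from iptables-save text."""
    table, rules = None, {}
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A ") and table:
            tok = shlex.split(line)
            opt = {}
            for i, t in enumerate(tok[:-1]):
                if t in ("-i", "-p", "-j", "--to-ports"):
                    negated = i > 0 and tok[i - 1] == "!"
                    opt[t] = (tok[i + 1], negated)
            rules.setdefault((table, tok[1]), []).append(opt)
    return rules

def redirects(rules, chain, in_if=None):
    """(proto, port) pairs that `chain` in nat REDIRECTs for packets from in_if."""
    found = []
    for r in rules.get(("nat", chain), []):
        if r.get("-j", ("", False))[0] != "REDIRECT":
            continue
        name, negated = r.get("-i", (None, False))
        if name is not None and (name == in_if) == negated:
            continue  # rule is bound to a different inbound interface
        found.append((r.get("-p", ("all", False))[0],
                      r.get("--to-ports", (None, False))[0]))
    return found
```

REDIRECT in PREROUTING rewrites the destination to the primary address of the incoming interface, so Tor's TransPort and DNSPort would also have to listen on the host's vboxnet0 address rather than only on 127.0.0.1.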