torrc
SocksPort 10.12.30.70:9050
SocksPolicy accept 10.12.0.0/8
SocksPolicy reject *
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
VirtualAddrNetworkIPv4 10.192.0.0/16
AutomapHostsOnResolve 1
TransPort 10.12.30.70:9040
DNSPort 10.12.30.70:53
TransPort 10.90.0.1:9040
DNSPort 10.90.0.1:53
iptables
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9040 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9050 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A FORWARD -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -d 10.192.0.0/10 -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
