qubes-linux-template-builder/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/tests.sh

#!/bin/bash

. /usr/lib/whonix/utility_functions

#sed -i 's/^DisableNetwork 0/#DisableNetwork 0/g' "/etc/tor/torrc"
#disable_sysv tor
#disable_sysv sdwdate

iptables -F
iptables -t nat -F

LOG_IP4=1
LOG_IP6=0

# for IPv4
if [ "$LOG_IP4" == "1" ]; then
    iptables -t raw -A OUTPUT -p icmp -j TRACE
    iptables -t raw -A PREROUTING -p icmp -j TRACE
    modprobe ipt_LOG
fi

# for IPv6
if [ "$LOG_IP6" == "1" ]; then
    ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE
    ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE
    ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE
    ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE
    modprobe ip6t_LOG
fi

sysctl -w net.ipv4.ip_forward=1

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -o lo -j ACCEPT

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p tcp -s 10.137.255.254 --sport 8082 -j DNAT --to-destination 127.0.0.1:9105
#iptables -t nat -A OUTPUT -p tcp -s 10.137.2.1 --sport 9105 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p tcp -d 10.137.2.1 --dport 9105 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p tcp --dport 9105 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p tcp --sport 9105 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p tcp  -j DNAT --to-destination 10.137.255.254:8082


#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9105 -j DNAT --to 10.137.255.254:8082
#iptables -t nat -A PREROUTING -i lo -p tcp --dport 9105 -j DNAT --to 10.137.255.254:8082

#iptables -t nat -A INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT"
#iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT"

#iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 9105 -j ACCEPT
#iptables -t nat -A OUTPUT -o lo -p tcp --dport 9105 -j ACCEPT
#iptables -t nat -A PREROUTING -i lo -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
#iptables -t nat -A PREROUTING -i eth0 -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
#iptables -t nat -A PREROUTING -i lo -p tcp --dport 9105 -j REDIRECT --to-destination 10.137.255.254:8082
#iptables -t nat -A PREROUTING -p tcp --dport 8082 -i eth0 -j DNAT --to 10.137.255.254:8082
#iptables -t nat -A PREROUTING -p tcp -i eth0 -j DNAT --to 10.137.255.254:8082
#iptables -t nat -A PREROUTING -p tcp -i lo -j DNAT --to 10.137.255.254:8082

#iptables -t nat -A OUTPUT -p tcp -s 10.137.2.1 --sport 9105 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A PREROUTING -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254:8082

#iptables -t nat -A PREROUTING -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254
#iptables -t nat -A PREROUTING -p tcp -d 10.137.2.21 --dport 8082 -j DNAT --to-destination 10.137.255.254
#iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254
#iptables -t nat -A OUTPUT -p tcp -d 10.137.2.21 --dport 8082 -j DNAT --to-destination 10.137.255.254

# Works
# localhost/loopback maps localhost port 8082 to localhost port 8888
#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A PREROUTING --dst 127.0.0.1 -p tcp --dport 8082 -j DNAT --to-destination 10.137.255.254:8082 
#iptables -t nat -A PREROUTING --dst 10.137.2.1 -p udp --dport 53 -j DNAT --to-destination 10.137.255.254:8082 
#iptables -t nat -A OUTPUT -p udp -d 10.137.2.1 --dport 52 -j DNAT --to-destination 10.137.255.254:8082

# Remap ALL traffic
#iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 10.137.255.254:8082
#iptables -t nat -A OUTPUT -p udp -j DNAT --to-destination 10.137.255.254:8082
    

#iptables -t nat -A PREROUTING --dst 10.137.2.1 -p udp --dport 53 -j REDIRECT --to-port 9105
#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-ports 9105
#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-ports 9105

#iptables -v -L
#iptables -v -t nat -L
#telnet 127.0.0.1 9105
#telnet 10.137.2.1 8082
#telnet 127.0.0.1 8082
#tail -100 /var/log/kern.log
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`#!/bin/bash`

			`. /usr/lib/whonix/utility_functions`

			`#sed -i 's/^DisableNetwork 0/#DisableNetwork 0/g' "/etc/tor/torrc"`
			`#disable_sysv tor`
			`#disable_sysv sdwdate`

			`iptables -F`
			`iptables -t nat -F`

			`LOG_IP4=1`
			`LOG_IP6=0`

			`# for IPv4`
			`if [ "$LOG_IP4" == "1" ]; then`
			`iptables -t raw -A OUTPUT -p icmp -j TRACE`
			`iptables -t raw -A PREROUTING -p icmp -j TRACE`
			`modprobe ipt_LOG`
			`fi`

			`# for IPv6`
			`if [ "$LOG_IP6" == "1" ]; then`
			`ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE`
			`ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE`
			`ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE`
			`ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE`
			`modprobe ip6t_LOG`
			`fi`

			`sysctl -w net.ipv4.ip_forward=1`

			`iptables -A FORWARD -i eth0 -j ACCEPT`
			`iptables -A FORWARD -o eth0 -j ACCEPT`
			`iptables -A FORWARD -i lo -j ACCEPT`
			`iptables -A FORWARD -o lo -j ACCEPT`

			`#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`

			`#iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p tcp -s 10.137.255.254 --sport 8082 -j DNAT --to-destination 127.0.0.1:9105`
			`#iptables -t nat -A OUTPUT -p tcp -s 10.137.2.1 --sport 9105 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p tcp -d 10.137.2.1 --dport 9105 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p tcp --dport 9105 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p tcp --sport 9105 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 10.137.255.254:8082`


			`#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9105 -j DNAT --to 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING -i lo -p tcp --dport 9105 -j DNAT --to 10.137.255.254:8082`

			`#iptables -t nat -A INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT"`
			`#iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT"`

			`#iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 9105 -j ACCEPT`
			`#iptables -t nat -A OUTPUT -o lo -p tcp --dport 9105 -j ACCEPT`
			`#iptables -t nat -A PREROUTING -i lo -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT`
			`#iptables -t nat -A PREROUTING -i eth0 -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT`
			`#iptables -t nat -A PREROUTING -i lo -p tcp --dport 9105 -j REDIRECT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING -p tcp --dport 8082 -i eth0 -j DNAT --to 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING -p tcp -i eth0 -j DNAT --to 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING -p tcp -i lo -j DNAT --to 10.137.255.254:8082`

			`#iptables -t nat -A OUTPUT -p tcp -s 10.137.2.1 --sport 9105 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254:8082`

			`#iptables -t nat -A PREROUTING -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254`
			`#iptables -t nat -A PREROUTING -p tcp -d 10.137.2.21 --dport 8082 -j DNAT --to-destination 10.137.255.254`
			`#iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254`
			`#iptables -t nat -A OUTPUT -p tcp -d 10.137.2.21 --dport 8082 -j DNAT --to-destination 10.137.255.254`

			`# Works`
			`# localhost/loopback maps localhost port 8082 to localhost port 8888`
			`#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888`

			`# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING --dst 127.0.0.1 -p tcp --dport 8082 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A PREROUTING --dst 10.137.2.1 -p udp --dport 53 -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p udp -d 10.137.2.1 --dport 52 -j DNAT --to-destination 10.137.255.254:8082`

			`# Remap ALL traffic`
			`#iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 10.137.255.254:8082`
			`#iptables -t nat -A OUTPUT -p udp -j DNAT --to-destination 10.137.255.254:8082`


			`#iptables -t nat -A PREROUTING --dst 10.137.2.1 -p udp --dport 53 -j REDIRECT --to-port 9105`
			`#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-ports 9105`
			`#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j REDIRECT --to-ports 9105`

			`#iptables -v -L`
			`#iptables -v -t nat -L`
			`#telnet 127.0.0.1 9105`
			`#telnet 10.137.2.1 8082`
			`#telnet 127.0.0.1 8082`
			`#tail -100 /var/log/kern.log`