NAT Punching with ToR!

    Reaching your computer that is behind a NAT can become tedious and sometimes a little frustrating. Although techniques such as reverse SSH connections & VPNs are useful, they require an all time up server and sometimes, you just need a simpler solution. In the past, there have been multiple times I badly needed to SSH my office PC from outside. But my PC was behind a Network Address Translator (NAT) also protected by a firewall. This is where Tor comes into play. Tor can throw a punch at these limitations. If you did not know what TOr is, the following is an excerpt from the Tor website (tor.org) describing what Tor is.

    “The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features” - Tor.org

    In short, Tor is a secure, privacy oriented, traffic anonymising software run by philanthropists. This means, anyone can run Tor and contribute to its infrastructure. On a side note, I highly encourage you to consider contributing to the Tor Network. For monetary contributions go to https://donate.torproject.org/. If you want to learn something extraordinary, you can also be a part of their network by building a Tor server. It's super easy and takes less than 20 minutes. I will offer free help to you if you are willing to set up Tor servers. Now back to the topic.

    Despite the obvious use of Tor which is to protect your privacy, we can also use it to obtain a unique .onion address to any PC that runs Tor. This allows us to access the same PC through this .onion link as long as you’re connected to the Tor network irrespective of where you are. The entire process is only few steps.

    First we need to install Tor. I write my instructions based on a Debian based system. If you are using a Windows or a Mac based PC, well.. consider using an operating system that offers better freedom [check here] [and here]. As long you are using a GNU/Linux derivative, it should not be too difficult to adjust these steps. The following command should set up Tor on your system and it will also start as a daemon upon boot.


    sudo apt install tor -y

    Now configure Hidden Services. This specific configuration is done via editing the Tor’s only config file located at /etc/tor/torrc. This file can only be edited by a super user. So perform sudo nano /etc/tor/torrc
    Scroll down until you see the section that configures Tor Hidden Services. Uncomment 2 lines to listen on port 22 and enable Tor Hidden Services feature.


    ###################################################
    ## This section is just for location-hidden services ###
    ## Once you have configured a hidden service, you can look at the
    ##contents of the file ".../hidden_service/hostname" for the address
    ## to tell people. HiddenServicePort x y:z says to redirect requests
    ## on port x to the
    ## address y:z.
    HiddenServiceDir /var/lib/tor/hidden_service
    HiddenServicePort 22 127.0.0.1:22
    ############################################


    After entering these new configurations, we need to restart Tor’s service to absorb new changes. This will force Tor to read the torrc config file. Do the following to restart Tor service.

    sudo service tor restart

    Now, Tor would have already created a secret address at the location specified in the config file. If you went with defaults, the address should be stored at /var/lib/tor/hidden_service/. Entering this directory requires sudo privileges. Therefore, do sudo su and then cat /var/lib/tor/hidden_service/hostname. Take note of this address and it's best keep it only to yourself.

    We have completed attaching our computer to the Tor network as a hidden server. Now, with the help of new software called Torsocks we can access this hidden server from anywhere. If you did not have Torsocks installed, you can do so by performing

    sudo apt install torsocks -y

    . Torsocks itself is a great piece of software. It sort of routes all traffic of a program started through it (as first argument, In our case SSH) via the Tor network. E.g. a command like torsocks firefox will ensure your browsing traffic goes through Tor which even includes your DNS queries!!

    torsocks autossh username@yourPrivateOnionAddress.onion

    You can even extend this idea to FTP as well. Simply use
    torsocks filezilla
    Type the .onion address for the host. Since all DNS queries are routed through Torsocks, your remote PC will be found. Have fun!