Difference between revisions of "Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Tor"
Davidmbrooke (Talk | contribs) m (Added to Bering-uClibc_4.x and User_Guide categories) |
(add content for using tor as a socks proxy) |
||
Line 29: | Line 29: | ||
=== Using Tor as SOCKS proxy === | === Using Tor as SOCKS proxy === | ||
− | + | This section is based on a mail to leaf-user mailinglist by "TF !" <torfeedback@googlemail.com>. | |
==== Configure Tor ==== | ==== Configure Tor ==== | ||
− | + | The tor configuration assumes that you want a control port on 9051 and use port 9200 as proxy port. The standard port for tor socks support is 9100, which interferes with the p910nd Package that uses the same port. It is also assumed that you don't want to run an tor exit node. | |
+ | |||
+ | For a usable tor configuration you only need to edit <code class="filename">/etc/tor/torrc</code> and copy the following content (adjust the IP addresses and ports to fit your needs): | ||
+ | |||
+ | HashedControlPassword hash code # see below | ||
+ | SocksPort 9200 # what port to open for relaying | ||
+ | SocksListenAddress 127.0.0.1 # accept connections only from l | ||
+ | SocksListenAddress 192.168.1.254:9200 # listen on a chosen IP/port to | ||
+ | Log notice syslog # write log entries to /var/log/dameon.log | ||
+ | RunAsDaemon 1 # run daemonized - IMPORTANT- otherwise it may block your boot sequence! | ||
+ | DataDirectory /tmp/tor | ||
+ | ControlPort 9051 # the control port | ||
+ | ControlListenAddress 192.168.1.254 # listen only on lan interface | ||
+ | |||
+ | The HashedControlPassword can be generated from the command line with tor. | ||
+ | # tor --hash-password yourpassword | ||
+ | 16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B | ||
+ | |||
+ | Copy the result and replace "hash code" in <code class="filename">/etc/tor/torrc</code> with it. | ||
+ | |||
==== Configure your web browser ==== | ==== Configure your web browser ==== | ||
− | + | To access the Internet via tor, enable the proxy configuration using socks for your preferred browser and point it to your routers LAN address at port 9200. | |
+ | |||
==== Configure shorewall ==== | ==== Configure shorewall ==== | ||
− | + | Edit <code class="filename">/etc/shorewall/rules</code> to open the necessary ports. | |
+ | # tor outgoing connections | ||
+ | ACCEPT fw net tcp 443 | ||
+ | ACCEPT fw net tcp 9090 | ||
+ | ACCEPT fw net tcp 9001 | ||
+ | # tor socks ports | ||
+ | ACCEPT loc fw tcp 9051 | ||
+ | ACCEPT loc fw tcp 9200 | ||
+ | |||
+ | Save your configuration and restart shorewall and tor. | ||
+ | |||
==== Check if it works ==== | ==== Check if it works ==== | ||
Navigate your browser to [https://check.torproject.org check.torproject.org]. | Navigate your browser to [https://check.torproject.org check.torproject.org]. |
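Review bot: "ControlListenAddress 192.168.1.254" in the added torrc, together with "ACCEPT loc fw tcp 9051" in the shorewall rules, makes Tor's control port reachable from every host in the loc zone, and the text never says which client needs it. Unless remote control from the LAN is intended, bind the control port to 127.0.0.1 and drop the 9051 rule, or state the reason in the "Configure Tor" paragraph. The same paragraph gives 9100 as the standard Tor SOCKS port, while the HTTP/S section of this page forwards Privoxy to 127.0.0.1:9050 using the packaged configuration; please check that number. Smaller points: the comments on the two SocksListenAddress lines are cut off ("only from l", "IP/port to"), "dameon.log" is misspelled, and "tor --hash-password yourpassword" leaves the password in the shell history.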
Revision as of 23:20, 20 March 2011
This is just a skeleton
What is Tor?
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
You can configure Tor to run either as a SOCKS proxy or, together with the privoxy Package, as an HTTP/S proxy. Both methods are described below.
Load the necessary package to run Tor
To run tor on your router you need to load the following Packages in leaf.cfg:
- tor.lrp
- libssl.lrp
- libcrpto.lrp
- lpthread.lrp
- libz.lrp
- libevent.lrp
- privoxy.lrp (only required if you want to run tor with an HTTP/S proxy instead of a SOCKS proxy)
Using Tor as SOCKS proxy
This section is based on a mail to the leaf-user mailing list by "TF !" <torfeedback@googlemail.com>.
Configure Tor
The tor configuration assumes that you want a control port on 9051 and use port 9200 as the proxy port. The standard port for tor socks support is 9100, which interferes with the p910nd Package that uses the same port. It is also assumed that you don't want to run a tor exit node.
For a usable tor configuration you only need to edit /etc/tor/torrc and copy the following content (adjust the IP addresses and ports to fit your needs):

    HashedControlPassword hash code        # see below
    SocksPort 9200                         # what port to open for relaying
    SocksListenAddress 127.0.0.1           # accept connections only from l
    SocksListenAddress 192.168.1.254:9200  # listen on a chosen IP/port to
    Log notice syslog                      # write log entries to /var/log/daemon.log
    RunAsDaemon 1                          # run daemonized - IMPORTANT - otherwise it may block your boot sequence!
    DataDirectory /tmp/tor
    ControlPort 9051                       # the control port
    ControlListenAddress 192.168.1.254     # listen only on lan interface
The HashedControlPassword can be generated from the command line with tor.
    # tor --hash-password yourpassword
    16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B
Copy the result and replace "hash code" in /etc/tor/torrc with it.
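What the "16:" value contains, as an added example that is not part of the original guide or of tor's code: the layout (8-byte salt, one count byte, 20-byte SHA-1 digest, hashed with the iterated and salted S2K from RFC 2440) is not stated on this page and is supplied here. The function names are hypothetical, and the password that produced the page's sample value is not known, so the sample is only parsed, not verified.

```python
import hashlib
import hmac
import os
from typing import NamedTuple

EXPBIAS = 6  # exponent bias of the RFC 2440 S2K count encoding
# Sample value printed on this page; the password behind it is not known here.
PAGE_EXAMPLE = "16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B"

class HashedPassword(NamedTuple):
    salt: bytes      # 8 random bytes
    indicator: int   # one byte encoding how many bytes are hashed
    digest: bytes    # 20-byte SHA-1 output

def s2k_count(indicator: int) -> int:
    """Decode the indicator byte into the number of bytes fed to SHA-1."""
    return (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)

def s2k_sha1(password: bytes, salt: bytes, indicator: int) -> bytes:
    """Hash salt+password, repeated and cut to exactly s2k_count() bytes."""
    remaining = s2k_count(indicator)
    block = salt + password
    h = hashlib.sha1()
    while remaining > 0:
        chunk = block[:remaining]
        h.update(chunk)
        remaining -= len(chunk)
    return h.digest()

def parse_hashed_password(value: str) -> HashedPassword:
    """Split a '16:<hex>' value into salt, indicator and digest."""
    prefix, _, hexpart = value.strip().partition(":")
    raw = bytes.fromhex(hexpart)
    if prefix != "16" or len(raw) != 29:
        raise ValueError("expected '16:' followed by 29 hex-encoded bytes")
    return HashedPassword(raw[:8], raw[8], raw[9:])

def make_hash(password: str, salt: bytes = b"", indicator: int = 0x60) -> str:
    """Build a value in the same format (random salt unless one is given)."""
    salt = salt or os.urandom(8)
    digest = s2k_sha1(password.encode(), salt, indicator)
    return "16:" + (salt + bytes([indicator]) + digest).hex().upper()

def verify(value: str, password: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    p = parse_hashed_password(value)
    return hmac.compare_digest(s2k_sha1(password.encode(), p.salt, p.indicator), p.digest)
```

The stored value is a salted hash over 65536 bytes of input, so the strength of the control port still rests on the password chosen.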
Configure your web browser
To access the Internet via tor, enable the SOCKS proxy configuration in your preferred browser and point it to your router's LAN address at port 9200.
Configure shorewall
Edit /etc/shorewall/rules to open the necessary ports.

    # tor outgoing connections
    ACCEPT fw net tcp 443
    ACCEPT fw net tcp 9090
    ACCEPT fw net tcp 9001
    # tor socks ports
    ACCEPT loc fw tcp 9051
    ACCEPT loc fw tcp 9200
Save your configuration and restart shorewall and tor.
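A check of which Tor listeners this configuration exposes to the LAN, as an added example that is not part of the original guide: it reads constructed copies of the torrc settings and shorewall rules above and reports every non-loopback listener together with whether a loc-to-fw rule opens its port. Function names are hypothetical, only IPv4 addresses are handled, and a missing ListenAddress line is treated as 127.0.0.1.

```python
import ipaddress

# Constructed copies of the settings and rules shown on this page.
TORRC = """SocksPort 9200
SocksListenAddress 127.0.0.1
SocksListenAddress 192.168.1.254:9200
ControlPort 9051
ControlListenAddress 192.168.1.254   # listen only on lan interface
"""
RULES = """# tor socks ports
ACCEPT loc fw tcp 9051
ACCEPT loc fw tcp 9200
"""

def parse_torrc(text):
    """Return {option: [values]} with '#' comments stripped."""
    opts = {}
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(" ")
        if key:
            opts.setdefault(key, []).append(value.strip())
    return opts

def listeners(opts, kind):
    """(host, port) pairs for kind 'Socks' or 'Control' (IPv4 only)."""
    default_port = int(opts[kind + "Port"][0])
    pairs = []
    for value in opts.get(kind + "ListenAddress", ["127.0.0.1"]):
        host, _, port = value.partition(":")
        pairs.append((host, int(port) if port else default_port))
    return pairs

def lan_open_ports(rules):
    """TCP ports accepted from zone loc to the firewall (fw) itself."""
    ports = set()
    for line in rules.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 5 and f[:4] == ["ACCEPT", "loc", "fw", "tcp"]:
            for item in f[4].split(","):
                lo, _, hi = item.partition(":")
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(torrc, rules):
    """List every non-loopback listener and whether the LAN can reach it."""
    opts, opened = parse_torrc(torrc), lan_open_ports(rules)
    return [(kind, host, port, port in opened)
            for kind in ("Socks", "Control")
            for host, port in listeners(opts, kind)
            if not ipaddress.ip_address(host).is_loopback]
```

With the page's settings both the SOCKS port and the control port are reported as reachable from the LAN; the SOCKS port has to be, the control port only if something on the LAN is meant to control tor.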
Check if it works
Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:
"Congratulations. Your browser is configured to use Tor" plus some additional information.
If it doesn't work, you'll see:
Sorry. You are not using Tor.
Using Tor as HTTP/S proxy
Configure Tor
Use the configuration as provided with the tor Package.
Configure Privoxy
Change the configuration directive listen-address in /etc/privoxy/config so that privoxy listens on the router's LAN interface at port 8118:

    # Your local interface
    listen-address 192.168.10.254:8118
Also add the following line to /etc/privoxy/config:

    # Tor listens as a SOCKS4a proxy here:
    forward-socks4a / 127.0.0.1:9050 .
Configure your web browser
To access the Internet via tor, enable the proxy configuration in your preferred browser and point it to your router's LAN address at port 8118.
Configure shorewall
Edit the shorewall rules (/etc/shorewall/rules) and open port 8118 on your firewall for access from the LAN to your proxy server. Additionally, open the firewall to allow traffic from the router to the net zone for the usual tor ports (9001-9033).

    # access privoxy proxy from LAN
    ACCEPT loc fw tcp 8118
    # tor ports fw to net zone
    ACCEPT fw net tcp 9001:9033
Check if it works
Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:
"Congratulations. Your browser is configured to use Tor" plus some additional information.
If it doesn't work, you'll see:
Sorry. You are not using Tor.
Additional reading