Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up Tor
What is Tor?
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
You can configure Tor to run either as a SOCKS proxy or, together with the privoxy Package, as an HTTP/S proxy. Both methods are described below.
Load the necessary package to run Tor
To run tor on your router you need to load the following Packages in leaf.cfg:
- tor.lrp
- privoxy.lrp (only required, if you want to run tor with a http/s proxy instead of a SOCKS proxy)
The tor.lrp Package depends on the Packages libssl.lrp, libcrpto.lrp, libz.lrp and libevent.lrp, which will be loaded automatically with the tor Package.
Using Tor as SOCKS proxy
This section is based on a mail to the leaf-user mailing list by "TF !" <torfeedback@googlemail.com>.
Configure Tor
The tor configuration assumes that you want a control port on 9051 and use port 9200 as proxy port. The standard port for tor socks support is 9100, which interferes with the p910nd Package that uses the same port. It is also assumed that you don't want to run a tor exit node.
For a usable tor configuration you only need to edit /etc/tor/torrc and copy the following content (adjust the IP addresses and ports to fit your needs):

    HashedControlPassword hash code          # see below
    SocksPort 9200                           # what port to open for relaying
    SocksListenAddress 127.0.0.1             # accept connections only from l
    SocksListenAddress 192.168.1.254:9200    # listen on a chosen IP/port to
    Log notice syslog                        # write log entries to /var/log/daemon.log
    RunAsDaemon 1                            # run daemonized - IMPORTANT - otherwise it may block your boot sequence!
    DataDirectory /tmp/tor
    ControlPort 9051                         # the control port
    ControlListenAddress 192.168.1.254       # listen only on lan interface

The HashedControlPassword can be generated from the command line with tor.

    # tor --hash-password yourpassword
    16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B

Copy the result and replace "hash code" in /etc/tor/torrc with it.
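
The value printed by tor --hash-password is "16:" followed by the hex encoding of an 8-byte salt, a one-byte iteration indicator and a 20-byte SHA-1 digest (the RFC 2440 iterated and salted S2K scheme). The Python sketch below is an added example, not part of the original guide or of the tor Package; it parses such a value and checks a password against it, so you can confirm on a workstation that the hash pasted into torrc matches the password you intend to use. All function names are hypothetical.

```python
import binascii
import hashlib
import hmac
import os

EXPBIAS = 6  # exponent bias of the RFC 2440 iterated and salted S2K scheme


def s2k_count(indicator):
    """Decode the one-byte indicator into the number of bytes to hash."""
    return (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)


def parse_hashed_password(value):
    """Split a '16:<hex>' value into (salt, indicator, digest)."""
    prefix, _, hexpart = value.strip().partition(":")
    if prefix != "16":
        raise ValueError("missing '16:' prefix (placeholder left in torrc?)")
    raw = binascii.unhexlify(hexpart)  # raises a ValueError subclass on bad hex
    if len(raw) != 29:  # 8-byte salt + 1 indicator byte + 20-byte SHA-1
        raise ValueError("expected 29 bytes, got %d" % len(raw))
    return raw[:8], raw[8], raw[9:]


def s2k_digest(password, salt, indicator):
    """SHA-1 over salt+password, repeated until s2k_count() bytes are hashed."""
    material = salt + password.encode()
    reps, rest = divmod(s2k_count(indicator), len(material))
    h = hashlib.sha1()
    for _ in range(reps):
        h.update(material)
    h.update(material[:rest])
    return h.digest()


def hash_password(password, salt=None, indicator=0x60):
    """Build a torrc value; a fixed salt is only for reproducible tests."""
    salt = os.urandom(8) if salt is None else salt
    blob = salt + bytes([indicator]) + s2k_digest(password, salt, indicator)
    return "16:" + binascii.hexlify(blob).decode().upper()


def verify_password(password, hashed):
    """True if `password` matches the HashedControlPassword value."""
    salt, indicator, digest = parse_hashed_password(hashed)
    return hmac.compare_digest(s2k_digest(password, salt, indicator), digest)
```

Calling parse_hashed_password() on the literal placeholder "hash code" raises ValueError, which makes a forgotten substitution in torrc easy to catch before restarting tor.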
Configure your web browser
To access the Internet via tor, enable the proxy configuration using socks for your preferred browser and point it to your router's LAN address at port 9200.
Configure shorewall
Edit /etc/shorewall/rules to open the necessary ports.

    # tor outgoing connections
    ACCEPT fw net tcp 443
    ACCEPT fw net tcp 9090
    ACCEPT fw net tcp 9001
    # tor socks ports
    ACCEPT loc fw tcp 9051
    ACCEPT loc fw tcp 9200

Save your configuration and restart shorewall and tor.
Check if it works
Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing the following, plus some additional information:

    Congratulations. Your browser is configured to use Tor

If it doesn't work, you'll see:

    Sorry. You are not using Tor.

Using Tor as HTTP/S proxy
Configure Tor
Use the configuration as provided with the tor Package.
Configure Privoxy
Change the configuration directive listen-address in /etc/privoxy/config to make privoxy listen on the router's LAN interface at port 8118:

    # Your local interface
    listen-address 192.168.10.254:8118

Also add the following line to /etc/privoxy/config:

    # Tor listens as a SOCKS4a proxy here:
    forward-socks4a / 127.0.0.1:9050 .

Note the dot at the end of the forward-socks4a line!
Configure your web browser
To access the Internet via tor, enable the proxy configuration for your preferred browser and point it to your router's LAN address at port 8118.
Configure shorewall
Edit the shorewall rules (/etc/shorewall/rules) and open the port 8118 on your firewall for access from the LAN to your proxy server. Additionally open the firewall to allow traffic from the router to the net zone for the usual tor ports (9001-9033).

    # access privoxy proxy from LAN
    ACCEPT loc fw tcp 8118
    # tor ports fw to net zone
    ACCEPT fw net tcp 9001:9033
    ACCEPT fw net tcp 443

Check if it works
Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing the following, plus some additional information:

    Congratulations. Your browser is configured to use Tor

If it doesn't work, you'll see:

    Sorry. You are not using Tor.