Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up Tor


What is Tor?

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

You can configure Tor to run either as a SOCKS proxy or, together with the privoxy Package, as an HTTP/S proxy. Both methods are described below.

Load the necessary package to run Tor

To run tor on your router you need to load the following Packages in leaf.cfg:

  • tor.lrp
  • privoxy.lrp (only required if you want to run tor with an HTTP/S proxy instead of a SOCKS proxy)

The tor.lrp Package depends on the Packages libssl.lrp, libcrypto.lrp, libz.lrp and libevent.lrp, which will be loaded automatically with the tor Package.

Using Tor as SOCKS proxy

This section is based on a mail to the leaf-user mailing list by "TF !" <torfeedback@googlemail.com>.

Configure Tor

The tor configuration below assumes that you want a control port on 9051 and use port 9200 as the proxy port. The standard port for tor socks support is 9100, which interferes with the p910nd Package that uses the same port. It is also assumed that you don't want to run a tor exit node.

For a usable tor configuration you only need to edit /etc/tor/torrc and copy the following content (adjust the IP addresses and ports to fit your needs):

HashedControlPassword   hash code          # see below
SocksPort               9200               # what port to open for relaying
SocksListenAddress      127.0.0.1          # accept connections only from l
SocksListenAddress      192.168.1.254:9200 # listen on a chosen IP/port to
Log notice syslog                          # write log entries to /var/log/daemon.log
RunAsDaemon 1                              # run daemonized - IMPORTANT - otherwise it may block your boot sequence!
DataDirectory /tmp/tor
ControlPort             9051               # the control port
ControlListenAddress    192.168.1.254      # listen only on lan interface

The HashedControlPassword can be generated from the command line with tor.

# tor --hash-password yourpassword
16:2907033A19AA3D2060D0C1C0D8C5AB6942E23F393B612BC8B547DBA19B

Copy the result and replace "hash code" in /etc/tor/torrc with it.
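
A quick check of the edited file before restarting tor, as an added example that is not part of the original guide or the Bering-uClibc project: the function audit_torrc (a hypothetical name) flags a control port without a real password hash, a missing RunAsDaemon 1, a SocksPort on 9100, and, as an extra check, wildcard listen addresses. The finding labels and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the Bering-uClibc guide.
# audit_torrc FILE prints one finding per line and nothing if the file passes.
audit_torrc() {
    awk '
    { sub(/#.*/, "") }                      # strip comments
    NF == 0 { next }                        # skip blank lines
    { key = tolower($1); val = $2 }
    key == "hashedcontrolpassword" { hash = val }
    key == "controlport"           { ctl = val }
    key == "runasdaemon"           { daemon = val }
    key == "socksport"             { socks = val }
    # Extra check (assumption): a wildcard bind would expose the port on
    # every interface instead of the loopback/LAN addresses used above.
    key ~ /^(socks|control)listenaddress$/ && val ~ /^0\.0\.0\.0/ {
        print "WILDCARD_LISTEN " $1
    }
    END {
        # Hash shape as printed by tor --hash-password in this guide:
        # "16:" followed by 58 hex digits (61 characters in total).
        ok = (length(hash) == 61 && hash ~ /^16:[0-9A-Fa-f]+$/)
        if (ctl != "" && ctl != "0" && !ok) print "CONTROL_PORT_WITHOUT_HASH"
        if (daemon != "1")   print "NOT_DAEMONIZED"
        if (socks == "9100") print "SOCKS_PORT_CLASHES_WITH_P910ND"
    }' "$1"
}

# Constructed sample: the torrc from this guide with the "hash code"
# placeholder still in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HashedControlPassword   hash code
SocksPort               9200
SocksListenAddress      127.0.0.1
SocksListenAddress      192.168.1.254:9200
Log notice syslog
RunAsDaemon 1
DataDirectory /tmp/tor
ControlPort             9051
ControlListenAddress    192.168.1.254
EOF
audit_torrc "$sample"
rm -f "$sample"
```

Run it as audit_torrc /etc/tor/torrc on the router; an empty result means none of the four conditions was found.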

Configure your web browser

To access the Internet via tor, enable the SOCKS proxy configuration in your preferred browser and point it to your router's LAN address at port 9200.

Configure shorewall

Edit /etc/shorewall/rules to open the necessary ports.

# tor outgoing connections 
ACCEPT        fw        net           tcp      443
ACCEPT        fw        net           tcp      9090
ACCEPT        fw        net           tcp      9001
# tor control port and socks port
ACCEPT        loc       fw           tcp       9051
ACCEPT        loc       fw           tcp       9200

Save your configuration and restart shorewall and tor.

Check if it works

Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:

"Congratulations. Your browser is configured to use Tor." plus some additional information.

If it doesn't work, you'll see:

Sorry. You are not using Tor.

Using Tor as HTTP/S proxy

Configure Tor

Use the configuration as provided with the tor Package.

Configure Privoxy

Change the configuration directive listen-address in /etc/privoxy/config so that privoxy listens on the router's LAN interface at port 8118:

# Your local interface
listen-address  192.168.10.254:8118 

Also add the following line to /etc/privoxy/config:

# Tor listens as a SOCKS4a proxy here (note the dot at the end of the line!):
forward-socks4a / 127.0.0.1:9050 .

Configure your web browser

To access the Internet via tor, enable the proxy configuration in your preferred browser and point it to your router's LAN address at port 8118.

Configure shorewall

Edit the shorewall rules (/etc/shorewall/rules) and open port 8118 on your firewall for access from the LAN to your proxy server. Additionally, open the firewall to allow traffic from the router to the net zone for the usual tor ports (9001-9033).

# access privoxy proxy from LAN
ACCEPT        loc       fw            tcp      8118
# tor ports fw to net zone                                                                 
ACCEPT        fw        net           tcp      9001:9033 
ACCEPT        fw        net           tcp      443


Check if it works

Navigate your browser to check.torproject.org. With a proper setup you'll get a page announcing:

"Congratulations. Your browser is configured to use Tor." plus some additional information.

If it doesn't work, you'll see:

Sorry. You are not using Tor.
