Traditionally proxy configurations must be set in every software package you with to use the proxy server (in most circumstances this is a web browser usually by means of specified port and/or username and password). Proxies are frequently used to mask the real location of a user, log traffic coming in and out of a network, circumvent network filtering, or in some cases to gain access to network resources that are local to the proxy but separated by a firewall or not directly available from a remote location. A benefit of encryption is that it is not normally analyzed by network filters and therefor bypasses. Tor does not create complete anonymity but helps by encrypting and then bouncing your traffic around to other Tor relays before it exits an exit-node onto the Internet unencrypted. The Tor Project website can be used to gather more information about its use and how it works. If you make any mistakes, you may have to reboot in recovery mode, as root, to correct it.Tor is a great product to help protect your anonymity online. It is possible to grant privilege to users who cannot become superuser, and to grant scripts superuser privilege without asking for password. To avoid system reboot, you can store the firewall state before using TOR: The firewall rules cannot be undone directly. Naturally TOR DNS will be slower and you will want to keep the original nf file when not using TOR. After changing network settings, sometimes you need to refresh the network interface: This will force ALL users to use TOR as the DNS server. To further prevent DNS leak, in Ubuntu, you need to change the file content at /etc/resolvconf/run/nf to To setup a user with TOR VPN always on, copy the above script to (for Ubuntu): The default firewall rules will apply after system reboot. The rules can be stored in a shell script and executed whenever TOR VPN is needed. The other firewall rules block other traffic to prevent leaking. Even observers at your ISP will not know what websites you visited. Redirection of DNS port 53 is optional, but more secure. The other way is to login in as a different user whenever you need TOR VPN, where the redirection is setup to be "permanent". In this case you need to reset iptables to the previous state when you don't need TOR VPN. You can then login in as bob and fire up the browser for example, and check your external IP at any of the many proxy test sites. Once redirected, you need to restart TOR: The redirection ONLY applies to user named bob. Only the first command is necessary to test the VPN functionality, redirecting all network traffic to port 9040, where TOR is listening. This will work unless you have a very old Linux distribution. Sudo iptables -t nat -A OUTPUT -p tcp -m owner -uid-owner bob -m tcp -j REDIRECT -to-ports 9040 sudo iptables -t nat -A OUTPUT -p udp -m owner -uid-owner bob -m udp -dport 53 -j REDIRECT -to-ports 53 sudo iptables -t filter -A OUTPUT -p tcp -m owner -uid-owner bob -m tcp -dport 9040 -j ACCEPT sudo iptables -t filter -A OUTPUT -p udp -m owner -uid-owner bob -m udp -dport 53 -j ACCEPT sudo iptables -t filter -A OUTPUT -m owner -uid-owner bob -j DROP To redirect all the applications' network traffic, there is the Linux firewall iptables: You can use any existing DNS server by omitting the DNSPort line, but this is not as secure as TOR. TOR will fail if it has insufficient privilege for the DNS port. This will instruct TOR to forward redirected traffic at port 9040, and forward domain name server requests at port 53. VirtualAddrNetwork 10.192.0.0/10 AutomapHostsOnResolve 1 TransPort 9040 DNSPort 53 In Ubuntu for example, add the following lines to /etc/tor/torrc: By default, TOR runs as daemon and has root privilege. #CONFIGURE TOR PROXY UBUNTU PHP INSTALL#First install TOR use one of the several distribution specific ways. It is not advised to use Vidalia as it does not have sufficient system privileged by default. TOR only published instructions for the VPN mode in Linux, which is called transparent proxy, routing all network traffic via TOR transparently.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |