On Tue, Sep 18, 2012 at 8:44 AM, Raviji <raviji...@gmail.com> wrote: > Dear list, > > I wonder if I can setup a box which provides complete traffic enforcement > through tor. > The tails project has encouraged me to work in that direction. With the > tails documentations and with > some online guide like > > https://cryptoanarchy.org/wiki/Build_your_own_livething > > I am able to setup my running debian system almost a tor encrypted box, > with some small hitches which I belief can easily be solved with your > technical guidance. > > > obfsproxy issue > ================= > > I have installed tor,pdnsd,ttdnsd,obfsproxy,polipo,vidalia > I have already collected the obfs IP address from a running tor bundle and > then placed all those > at /etc/tor/torrc. tor is running with obfs. > > [Q] How can I check online that obfs is functional ? > https://check.torproject.org/ simply shows > tor is running, but no obfs related information. > > polipo and firewall > ===================== > > Browsers configured to use polopo ( tor as parent) and the online check is > successful (https://check.torproject.org/) > > [Q] Is polipo really fast ? I hardly see any advantage comparing direct > tor connection with out polipo. > > [Q] What is the iptables rule to redirect all 80 and 443 traffic through > polipo 8118 port ? Then no configuration is > required at browser level. > > DNS and firewall > ================= > > I am using pdnsd (caching DNS proxy server) and ttdnsd ( udp to tcp > converter ) > > /etc/pdnsd.conf content with this: > > global { > perm_cache = 2048; > cache_dir = "/var/cache/pdnsd"; > run_as = "pdnsd"; > server_ip = 127.0.0.1; > status_ctl = on; > min_ttl = 15m; > max_ttl = 1w; > timeout = 120; > } > > # Tor DNS resolver > server { > label = "tor"; > ip = 127.0.0.1; > port = 8853; > uptest = none; > exclude=".invalid"; > policy=included; > proxy_only = on; > lean_query = on; > } > # ttdnsd > server { > label = "ttdnsd"; > ip = 127.0.0.2; > port = 53; > uptest = none; > exclude=".invalid",".exit",".onion"; > policy=included; > proxy_only = on; > lean_query = on; > } > > > /etc/tor/torrc has > > DNSPort 8853 > AutomapHostsOnResolve 1 > AutomapHostsSuffixes .exit,.onion > > So ttdnsd running at port 53 at 127.0.0.2 and tor dns at 127.0.0.1 port > 8853. > > But nmap shows ( #nmap -p 1-65535 localhost ) > > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 53/tcp open domain > 111/tcp open rpcbind > 631/tcp open ipp > 8118/tcp open privoxy > 9040/tcp open tor-trans > 9050/tcp open tor-socks > 9051/tcp open tor-control > > no open port for tor-dns > > [Q] How can I enforce all udp to go through local DNS port and which one > 53 or 8853 ? > > <...> > iptables -t nat -A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT > --to-ports 53 > iptables -t filter -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT > <...> > > is not working. Can't do any dns resolution, even ping failed to gmail.com > > > iptables to route all traffic and blocked all non tor > ====================================================== > > LAN and lo (localhost) don't need to go through tor > > port 80/443 should go through poliop port 8118, > all dns query should go through local 53 ( or 8853 ? ) port > > And the rest of the traffic should go through tor 9050 port, anything left > should be dropped. > The example iptables given at tails site is not working for me. Could > anyone kindly give such a > rule sets please ? > > Many many thanks for designing tor :-) > > > > > >
This was answered in your first post. Please check your first post and read the post by: adrelanos _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
