Re: tor privoxy squid
Uahu! I already had this, but I love collaboration, and thanks! Contact me
at Skype gabx666 or visit the website I'm building at
http://tor.gabrix.ath.cx. Please keep in touch, ok?
On 11/18/06, gabrix <gabrix@xxxxxxxxxxxxx> wrote:
[my transparent squid proxy isn't working]
try the following:
squid: make sure these elements are in your squid.conf
cache_peer localhost parent 8118 7 no-query default
header_access Via deny all
header_access From deny all
privoxy: note that the cache_peer in squid config refers to SOCKS
proxy in privoxy config.
forward-socks4a / 127.0.0.1:9050 .
tor: note that 9050 is the SOCKS proxy port for Tor.
INTIF=eth1 # internal network interface
EXTIF=eth0 # external default route / public interface
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT
note that you'll want additional firewall / filter rules, and also
that DNS leaks may be present. you will have to transparently proxy
DNS via dns-proxy-tor or equivalent to avoid this, and the following
filter rules can be used for transparent DNS proxy:
$IPTABLES -t nat -A PREROUTING -i $INTIF -p udp --dport 53 -j REDIRECT --to-ports 65533
where 65533 is where dns-proxy-tor is listening.
What I'm trying to do is:
I have tor+privoxy on each LAN machine behind the gateway. Now I want
LAN HTTP requests to go first locally "torbuttoned" and then, before
going to the internet, be proxied again by the gateway squid-tor-privoxy
... am I crazy? It's fun!
I have this iptables:
#$IPT -t nat -I PREROUTING -i $IF1 -p tcp -s 192.168.1.0/24 -m owner --uid-owner debian-tor --dport 80 -j DNAT --to 192.16$
$IPT -t nat -I PREROUTING -i $IF1 -p tcp -s 192.168.1.0/24 -m multiport --dports $TOR -j REDIRECT --to $SQUID_PORT
Once HTTP requests leave my LAN machines, they don't go to port 80
but to a tor-socks port, so I was trying to get them to go through my squid
gateway port one way (--uid-owner) or the other.
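
Added example, not part of the thread: a shell check for the DNS-leak caveat in the quoted reply. It reads rules in `iptables -t nat -S` format and reports whether tcp/80 and udp/53 arriving on the internal interface are redirected to an explicit local port. The function names, the sample rule sets and squid port 3128 are assumptions; 65533 is the dns-proxy-tor port from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -t nat -S` output on stdin.
# Returns 0 and prints the --to-ports value of a matching PREROUTING REDIRECT,
# 1 if that REDIRECT has no --to-ports, 2 if no rule matches at all.
check_redirect() {
    awk -v iface="$1" -v proto="$2" -v dport="$3" '
        $1 == "-A" && $2 == "PREROUTING" {
            i = p = d = j = t = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                else if ($n == "-p") p = $(n + 1)
                else if ($n == "--dport") d = $(n + 1)
                else if ($n == "-j") j = $(n + 1)
                else if ($n == "--to-ports") t = $(n + 1)
            }
            if (i == iface && p == proto && d == dport && j == "REDIRECT") {
                found = 1
                if (t != "") { port = t; exit }
            }
        }
        END {
            if (port != "") { print port; exit 0 }
            exit (found ? 1 : 2)
        }'
}

# Audit the two flows the thread cares about: HTTP (tcp/80) and DNS (udp/53).
audit() {  # $1 = rule text, $2 = internal interface
    rc=0
    for spec in tcp:80 udp:53; do
        if to=$(printf '%s\n' "$1" | check_redirect "$2" "${spec%:*}" "${spec#*:}"); then
            echo "ok   $spec redirected to local port $to"
        else
            echo "LEAK $spec arriving on $2 has no REDIRECT with a target port"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample rules. 3128 is an assumed squid port; 65533 is the
# dns-proxy-tor port named in the thread.
RULES_LEAKY='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT'
RULES_OK='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 65533'

audit "$RULES_LEAKY" eth1 || true
audit "$RULES_OK" eth1
```

On a live gateway the same functions can be fed from `iptables -t nat -S PREROUTING`; a REDIRECT with no `--to-ports` keeps the original destination port, so DNS would land on whatever listens on local port 53 rather than on dns-proxy-tor.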