
Re: [tor-talk] Connection / socket issues with Tor on Mac OS



I have Linux rather than a Mac, but the example of my config files might still help you. No matter what your operating system is, you have to point your browser at Polipo and Tor and you have to point Polipo to Tor, in terms of addresses and port numbers. What I know about this is thanks to people responding in this list.

Here is how my Polipo config file differs from the default:

*** before/etc/polipo/config	2011-07-28 11:39:18.000000000 -0400
--- after/etc/polipo/config	2011-07-31 08:07:25.000000000 -0400
***************
*** 14,26 ****
  # connect:

  # proxyAddress = "::0"        # both IPv4 and IPv6
! # proxyAddress = "0.0.0.0"    # IPv4 only

  # If you are enabling 'proxyAddress' above, then you want to enable the
  # 'allowedClients' variable to the address of your network, e.g.
  # allowedClients = 127.0.0.1, 192.168.42.0/24
!
! # allowedClients = 127.0.0.1

  # Uncomment this if you want your Polipo to identify itself by
  # something else than the host name:
--- 14,25 ----
  # connect:

  # proxyAddress = "::0"        # both IPv4 and IPv6
! proxyAddress = "0.0.0.0"    # IPv4 only

  # If you are enabling 'proxyAddress' above, then you want to enable the
  # 'allowedClients' variable to the address of your network, e.g.
  # allowedClients = 127.0.0.1, 192.168.42.0/24
! allowedClients = 127.0.0.1, 192.168.2.0/24

  # Uncomment this if you want your Polipo to identify itself by
  # something else than the host name:
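
Review bot: On the new `proxyAddress = "0.0.0.0"` line, Polipo now listens on every IPv4 interface of the host, so `allowedClients = 127.0.0.1, 192.168.2.0/24` is the only thing keeping other networks out. Binding `proxyAddress` to the single LAN address that should serve 192.168.2.0/24 would narrow the exposure, and the listener is not needed at all when the browser runs on the same machine and points at 127.0.0.1 port 8123 as described later in the message. Requests from LAN clients also reach Polipo in the clear before they enter Tor.
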
***************
*** 37,44 ****

  # Uncomment this if you want to use a parent SOCKS proxy:

! # socksParentProxy = "localhost:9050"
! # socksProxyType = socks5


  ### Memory
--- 36,43 ----

  # Uncomment this if you want to use a parent SOCKS proxy:

! socksParentProxy = "localhost:9050"
! socksProxyType = socks4a


  ### Memory
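
Review bot: The `socksProxyType` line changes the shipped value `socks5` to `socks4a` with no comment recording why; a one-line comment next to it would save the next reader from guessing. On the line above, `socksParentProxy = "localhost:9050"` depends on how `localhost` resolves, while the torrc in this message listens on `127.0.0.1`; writing `"127.0.0.1:9050"` removes that dependency if `localhost` resolves to `::1` first.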

and here is how my Tor config file differs from the default:

*** before/etc/tor/torrc	2011-07-30 23:29:09.000000000 -0400
--- after/etc/tor/torrc	2011-08-06 08:56:06.000000000 -0400
***************
*** 16,23 ****
  ## Replace this with "SocksPort 0" if you plan to run Tor only as a
  ## relay, and not make any local application connections yourself.
  SocksPort 9050 # what port to open for local application connections
! SocksListenAddress 127.0.0.1 # accept connections only from localhost
! #SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also

  ## Entry policies to allow/deny SOCKS requests based on IP address.
  ## First entry that matches wins. If no SocksPolicy is set, we accept
--- 16,23 ----
  ## Replace this with "SocksPort 0" if you plan to run Tor only as a
  ## relay, and not make any local application connections yourself.
  SocksPort 9050 # what port to open for local application connections
! SocksListenAddress 127.0.0.1 # accept connections from localhost
! SocksListenAddress 192.168.2.201:9050 # listen on this IP:port also

  ## Entry policies to allow/deny SOCKS requests based on IP address.
  ## First entry that matches wins. If no SocksPolicy is set, we accept
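
Review bot: The added `SocksListenAddress 192.168.2.201:9050` opens the SOCKS port to the LAN, and no `SocksPolicy` line appears in this diff even though the context directly below says that without one the default applies. Pair the listener with an explicit policy such as `SocksPolicy accept 192.168.2.0/24` followed by `SocksPolicy reject *`, or drop the LAN listener if only the local Polipo (`socksParentProxy = "localhost:9050"`) and a local browser use it. The edited comment on the first line went from "only from localhost" to "from localhost", which is accurate, but the second line still carries the stock "listen on this IP:port also" text and says nothing about who is meant to reach it.
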
***************
*** 33,39 ****
  ## may provide sensitive information to an attacker who obtains the logs.
  ##
  ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
! #Log notice file /var/log/tor/notices.log
  ## Send every possible message to /var/log/tor/debug.log
  #Log debug file /var/log/tor/debug.log
  ## Use the system log instead of Tor's logfiles
--- 33,39 ----
  ## may provide sensitive information to an attacker who obtains the logs.
  ##
  ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
! Log notice file /var/log/tor/notices.log
  ## Send every possible message to /var/log/tor/debug.log
  #Log debug file /var/log/tor/debug.log
  ## Use the system log instead of Tor's logfiles
***************
*** 52,61 ****

  ## The port on which Tor will listen for local connections from Tor
  ## controller applications, as documented in control-spec.txt.
! #ControlPort 9051
  ## If you enable the controlport, be sure to enable one of these
  ## authentication methods, to prevent attackers from accessing it.
! #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
  #CookieAuthentication 1

  ############### This section is just for location-hidden services ###
--- 52,61 ----

  ## The port on which Tor will listen for local connections from Tor
  ## controller applications, as documented in control-spec.txt.
! ControlPort 9051
  ## If you enable the controlport, be sure to enable one of these
  ## authentication methods, to prevent attackers from accessing it.
! HashedControlPassword 16:CF0F664947481C3260C0CC159C0D4BE0DA987BACE0A6DA4258A405617F
  #CookieAuthentication 1

  ############### This section is just for location-hidden services ###
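
Review bot: The `HashedControlPassword 16:CF0F...` line posts the live control-port password hash to a public list, which gives anyone an offline guessing target for a port that this same hunk enables with `ControlPort 9051`. Replace the value with a placeholder when sharing the file and generate a fresh one with `tor --hash-password`, or switch to the `CookieAuthentication 1` line that sits commented out just below.
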
***************
*** 79,85 ****
  ## See https://www.torproject.org/docs/tor-doc-relay for details.

  ## Required: what port to advertise for incoming Tor connections.
! #ORPort 9001
  ## If you want to listen on a port other than the one advertised
  ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
  ## line below too. You'll need to do ipchains or other port forwarding
--- 79,85 ----
  ## See https://www.torproject.org/docs/tor-doc-relay for details.

  ## Required: what port to advertise for incoming Tor connections.
! ORPort 80
  ## If you want to listen on a port other than the one advertised
  ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
  ## line below too. You'll need to do ipchains or other port forwarding
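
Review bot: `ORPort 80` is a port below 1024, so Tor can only bind it if it starts with root privileges, and it will collide with any web server on the same host. The context lines right under it describe the alternative: advertise the low port in `ORPort`, bind an unprivileged one with `ORListenAddress`, and forward between them. The hunk leaves `ORListenAddress` untouched, so a comment stating how port 80 is actually reached would help.
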
***************
*** 87,93 ****
  #ORListenAddress 0.0.0.0:9090

  ## A handle for your relay, so people don't have to refer to it by key.
! #Nickname ididnteditheconfig

  ## The IP address or full DNS name for your relay. Leave commented out
  ## and Tor will guess.
--- 87,93 ----
  #ORListenAddress 0.0.0.0:9090

  ## A handle for your relay, so people don't have to refer to it by key.
! Nickname reston

  ## The IP address or full DNS name for your relay. Leave commented out
  ## and Tor will guess.
***************
*** 96,114 ****
  ## Define these to limit how much relayed traffic you will allow. Your
  ## own traffic is still unthrottled. Note that RelayBandwidthRate must
  ## be at least 20 KBytes.
! #RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
! #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

  ## Contact info to be published in the directory, so we can contact you
  ## if your relay is misconfigured or something else goes wrong. Google
  ## indexes this, so spammers might also collect it.
  #ContactInfo Random Person <nobody AT example dot com>
  ## You might also include your PGP or GPG fingerprint if you have one:
  #ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

  ## Uncomment this to mirror directory information for others. Please do
  ## if you have enough bandwidth.
! #DirPort 9030 # what port to advertise for directory connections
  ## If you want to listen on a port other than the one advertised
  ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
  ## below too. You'll need to do ipchains or other port forwarding yourself
--- 96,116 ----
  ## Define these to limit how much relayed traffic you will allow. Your
  ## own traffic is still unthrottled. Note that RelayBandwidthRate must
  ## be at least 20 KBytes.
! RelayBandwidthRate 20 KBytes
! MaxAdvertisedBandwidth 20 KBytes
! RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

  ## Contact info to be published in the directory, so we can contact you
  ## if your relay is misconfigured or something else goes wrong. Google
  ## indexes this, so spammers might also collect it.
  #ContactInfo Random Person <nobody AT example dot com>
+ ContactInfo Jack Waugh <xvescyva2h ayut snkmail daht com>
  ## You might also include your PGP or GPG fingerprint if you have one:
  #ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

  ## Uncomment this to mirror directory information for others. Please do
  ## if you have enough bandwidth.
! DirPort 9030 # what port to advertise for directory connections
  ## If you want to listen on a port other than the one advertised
  ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
  ## below too. You'll need to do ipchains or other port forwarding yourself
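
Review bot: `RelayBandwidthRate 20 KBytes` and `MaxAdvertisedBandwidth 20 KBytes` sit exactly at the floor named in the context ("must be at least 20 KBytes"), yet the same hunk enables `DirPort 9030`, which the surrounding comment asks for only "if you have enough bandwidth". Either leave `DirPort` commented out or raise the rate. The new rate line also lost its trailing explanatory comment while `RelayBandwidthBurst 200 KBytes` kept one, so the burst is now ten times the sustained rate with nothing saying that is intended.
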
***************
*** 144,149 ****
--- 146,153 ----
  #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
  #ExitPolicy accept *:119 # accept nntp as well as default exit policy
  #ExitPolicy reject *:* # no exits allowed
+ # ExitPolicy accept *:80,accept *:443,reject *:*	# Jack
+ ExitPolicy reject *:*
  #
  ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even if an

As for my browser, when I run it on the same machine that is running Polipo and Tor (which wasn't my original intention, but I do that now to distribute memory use across my computers), it has:

HTTP Proxy 127.0.0.1 port 8123
SSL  Proxy 127.0.0.1 port 8123
SOCKS Host 127.0.0.1 port 9050
Socks protocol version: SOCKS v5
No proxies for 127.0.0.1

So, as someone else on this list helpfully explained to me, you point your browser directly to Tor for its SOCKS proxy but you point your browser to Polipo for its HTTP proxy (and, I guessed, SSL proxy as well).


-- Jack Waugh
Skype: wx40szj