[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]

To: or-talk@xxxxxxxxxxxxx
Subject: Re: [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]
From: Eugen Leitl <eugen@xxxxxxxxx>
Date: Mon, 15 Jan 2007 20:22:23 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 15 Jan 2007 14:22:37 -0500
In-reply-to: <200701151826.05148.robert@roberthogan.net>
References: <20070115111820.GD6974@leitl.org> <200701151826.05148.robert@roberthogan.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Mon, Jan 15, 2007 at 06:26:04PM +0000, Robert Hogan wrote:

> hasn't he seen 'tor' and read 'torrents'?

I don't think so, because he mentioned BT and catchall for everything
else separately. I've tried his advice today (reran the pfSense Traffic
Shaper wizard, gave the VoIP device highest priority and allocated a
minimum quotient), then unthrottled Tor. It ran fine for a while,
and in fact it even gave V2Dir a green checkmark on https://tns.nighteffect.com/ 
, but the VoIP (I'm using SIP) wouldn't coexist with the calls as 
cleanly as I was hoping.

So I put
BandwidthRate 40 KB
BandwidthBurst 40 KB
back in, which seems to work, or at least work most of the time.
I might to have to throttle it some more in case some traffic spikes
infringe on the VoIP allocation.

To document some more of my setup, I'm running both Tor and Privoxy
on a LAN machine, and have ports 5004 (UDP), 5060 (UDP) and 10000 (UDP)
patched through to the VoIP system address, including the static port
rule inserted prior to 192.168.1.0/24 which is there by default
(Firewall: NAT: Outbound; enable advanced outbound NAT). Tor
has just 9001 (TCP) and 9030 (TCP) patched through to the machine
running the Tor/Privoxy combo.

I'm using the Torbutton Firefox extension with the following preferences
HTTP Proxy: machine IP Port: 8118
SSL  Proxy: machine IP Port: 8118
SOCKS Host: machine IP Port: 9050

On the "machine IP" Tor/Privoxy machine I have /etc/tor/torrc with the
following relevant configuration:

SocksListenAddress 0.0.0.0:9050
Address <insert your WAN address here>
ORPort 9001
DirPort 9030
BandwidthRate 40 KB
BandwidthBurst 40 KB
ExitPolicy reject *:* # middleman only -- no exits allowed

and in /etc/privoxy/config I have

listen-address 0.0.0.0:8118
forward-socks4a / localhost:9050 . <-- notice the dot
-- all these are deviation from standard config only,
of course, and I hope I got them all.


-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature

References:
- [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]
  - From: Eugen Leitl
- Re: [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]
  - From: Robert Hogan

Prev by Author: [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]
Next by Author: Re: more letters from the feds
Previous by thread: Re: [mOjO@thegeekclub.net: Re: [pfSense Support] tor and traffic shaper]
Next by thread: Question for DEVs -- Write/Read Limiting
Index(es):
- Author
- Thread