[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: tor privoxy squid

To: or-talk@xxxxxxxxxxxxx
Subject: Re: tor privoxy squid
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 19 Nov 2006 16:56:51 -0800
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sun, 19 Nov 2006 19:57:05 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tBQnuX0YkVRdk+5IECmcY8BCcQefjnYvGId3d4GU95AZEqxlRj9tTOfuPtdt8NPvrEfluu+h5Q/rKWOPeUPrs/riknwSX5WZQoWmI9FVXahu1FsxPbSIa7/XE3gcs4zBdD1aTVjsL6MfYNE96L6dG0k4qXQHe4W5MZjrwgc6GT8=
In-reply-to: <455F2EFE.4060800@gabrix.ath.cx>
References: <455F2EFE.4060800@gabrix.ath.cx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 11/18/06, gabrix <gabrix@xxxxxxxxxxxxx> wrote:

[my transparent squid proxy isn't working]


try the following:

squid: make sure these elements are in your squid.conf
---cut---
httpd_accel_port 3128
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_peer      localhost       parent  8118    7       no-query default
header_access Via deny all
header_access From deny all
forwarded_for off
--end-cut---

privoxy: note that the cache_peer in squid config refers to SOCKS
proxy in privoxy config.
---cut---
listen-address  127.0.0.1:8118
forward-socks4a         /       127.0.0.1:9050  .
--end-cut---

tor: note that 9050 is the SOCKS proxy port for Tor.

iptables:
INTF=eth1 # internal network interface
ONTF=eth0 # external default route / public interface
---cut---
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to 3128
---end-cut---

note that you'll want additional firewall / filter rules, and also
that DNS leaks may be present.  you will have to transparently proxy
DNS via dns-proxy-tor or equivalent to avoid this, and the following
filter rules can be used for transparent DNS proxy:
---cut---
$IPTABLES -t nat -A PREROUTING -i $INTIF -p udp --dport 53 -j REDIRECT
--to 65533
--end-cut--
where 65533 is where dns-proxy-tor is listening.

Follow-Ups:
- Re: tor privoxy squid
  - From: gabrix

References:
- tor privoxy squid
  - From: gabrix

Prev by Author: Re: "Practical onion hacking: finding the real address of Tor clients"
Next by Author: Re: Traces left by Torpark, and other security discussion (was Re: TorPark)
Previous by thread: Re: tor privoxy squid
Next by thread: Re: tor privoxy squid
Index(es):
- Author
- Thread