
Re: funneling a wireless net's outbound connections through tor



>      I'm trying to set up a free wireless service for those of my neighbors
> within range of a little wireless router I have.  To keep things safe for
> me and at least somewhat safer for them, I want to route all the outbound
> connections from that router through tor using pf under FreeBSD 6.2-STABLE
> (i386).

Do not do that.

You should not make traffic go transparently through tor, unless the
people using your network fully understand what tor is about, and what
are the associated security risks (such as exit nodes performing MITM
attacks on SSL certificates).

Instead, put a simple stateless firewall on your network, and redirect
port 80 traffic to a web server that explains how to set up their web
browser to go through tor.

Please make sure that your HTTP proxy allows CONNECT to TCP ports 22,
80, 109-110, 143, 443, 873, 993 and 995.  22 is especially important
if there are any geeks in your neighbourhood.

                                        Juliusz
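
Added example, not part of the original message and not taken from any particular proxy: a Python sketch of the CONNECT port check the reply asks for, using the port list from the message. The function names and the sample request lines are constructed for illustration.

```python
import re

# Port list exactly as given in the message above.
ALLOWED_SPEC = "22,80,109-110,143,443,873,993,995"


def parse_port_spec(spec):
    """Expand a spec such as '22,109-110' into a set of integer ports."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % item)
        ports.update(range(lo, hi + 1))
    return ports


ALLOWED_PORTS = parse_port_spec(ALLOWED_SPEC)

# CONNECT takes an authority-form target: host:port or [IPv6]:port.
# The port is mandatory; a target without one is rejected, not defaulted.
_CONNECT_RE = re.compile(
    r"CONNECT (\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5}) HTTP/1\.[01]"
)


def connect_decision(request_line):
    """Return (allowed, reason) for one HTTP request line."""
    m = _CONNECT_RE.fullmatch(request_line.rstrip("\r\n"))
    if m is None:
        return (False, "malformed CONNECT request line")
    port = int(m.group(2))
    if port not in ALLOWED_PORTS:
        return (False, "port %d not in allow-list" % port)
    return (True, "port %d allowed" % port)


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in (
        "CONNECT example.org:22 HTTP/1.1\r\n",
        "CONNECT example.org:110 HTTP/1.0\r\n",
        "CONNECT [2001:db8::1]:443 HTTP/1.1\r\n",
        "CONNECT example.org:25 HTTP/1.1\r\n",
        "CONNECT example.org HTTP/1.1\r\n",
    ):
        print(line.strip(), "->", connect_decision(line))
```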