[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] almost success toward complete tor enforcement, need little help now
That's a bit insufficient and some points clearly outdated, see below.
> obfsproxy issue
> I have installed tor,pdnsd,ttdnsd,obfsproxy,polipo,vidalia
You don't need pdnsd,ttdnsd,polipo. Vidalia is a nice optional graphical
> I have already collected the obfs IP address from a running tor bundle and then placed all those
> at /etc/tor/torrc. tor is running with obfs.
> [Q] How can I check online that obfs is functional ? https://check.torproject.org/ simply shows
> tor is running, but no obfs related information.
Someone else has to answer here.
> polipo and firewall
> Browsers configured to use polopo ( tor as parent) and the online check is successful (https://check.torproject.org/)
> [Q] Is polipo really fast ? I hardly see any advantage comparing direct tor connection with out polipo.
You're on the wrong path. Don't use polipo / Firefox etc. anymore,
unless you want to stay out from all other Tor users. Use Tor Browser.
> [Q] What is the iptables rule to redirect all 80 and 443 traffic through polipo 8118 port ? Then no configuration is
> required at browser level.
You don't need iptables for that. Tor is running on a Gateway. Tor
Browser without Tor/Vidalia started (patched startup script) is running
on another machine. (Which we call Workstation.)
Tor Button SOCKS Host: gateway IP, port: reserve one SocksPort in torrc
on Gateway exclusively for Tor Browser. Add some extra SocksPorts for
other applications. (stream isolation)
> DNS and firewall
> I am using pdnsd (caching DNS proxy server) and ttdnsd ( udp to tcp converter )
You don't need ttdnsd. I recommend using one SocksPorts per most, if not
all applications. If you still want some remaining traffic fallback you
can use Tor's excellent Dns- and TransPorts.
> [Q] How can I enforce all udp to go through local DNS port and which one 53 or 8853 ?
For a "fetch remaining DNS traffic and route through Tor iptables rule"
have a look at
and search for "dns".
> iptables to route all traffic and blocked all non tor
> LAN and lo (localhost) don't need to go through tor
You probable mess up there figuring out what is lan traffic for real and
what not. I strongly recommend the Tor-only box to have no local lan
> port 80/443 should go through poliop port 8118,
> all dns query should go through local 53 ( or 8853 ? ) port
Like said before, forget about that plan. Don't use polipo.
> And the rest of the traffic should go through tor 9050 port, anything left should be dropped.
> The example iptables given at tails site is not working for me. Could anyone kindly give such a
> rule sets please ?
You can do it with virtual machines and/or physical isolation.
tor-talk mailing list