logs archiveIRC Archive / Oftc / #tor / 2010 / July / 4 / 1
Sebastian
Renfield: I think you don't want to run a relay for the whole house, but a *client*.
and yes, that sockspolicy should work.
Julias_shulman
why would you want to relay on your lan?
oh then you dont have to install tor on any other machines?
Sebastian
Julias_shulman: yes. Usually that setup isn't recommended, but it would work.
Julias_shulman
mmm
if one or more machines was in use
then your connection would be slow
slower than a normal tor connection
with is extremely slow
at least if you install tor on each invidivual machine you can choose different hosts to go through
for different speeds available
I guess it works if you are one person living in a house and want to use tor from any location and you have 7-10 computers in various locations around the house
running various things like mac/linux/win
operator is easy enough on windows though
Sebastian
what is operator?
Goldstein
So what was renfield trying to do?
Renfield
That's basically what I wanted to do, so that I only need one running Tor system for each computer.
It doesn't seem to be working right though.
I've got a lot of connections from outside to port 9002.
Sebastian
Renfield: and port 9002 is your socks port?
Renfield
No, that's the ORPort.
         

Sebastian
erm
if you set an orport, you are a public relay.
Renfield
9050 is the SOCKS proxy.
Oh.
Sebastian
Right, if you don't want to be a relay, don't set orport
Renfield: see my comment from above, [23:16] <Sebastian> Renfield: I think you don't want to run a relay for the whole house, but a *client*.
Renfield
Maybe the problem is with terminology. Normally a client is something that is running on your personal computer, your desktop. A server or relay is what your client connects to.
I have a computer that hosts a number of services, I wanted to add Tor to that list, and have the computers that are actually used to connect to that computer.
Sebastian
Right
in that case, you are still using the Tor installed on that machine as a client, in terms of the network.
Renfield
Oh.
Sebastian
(Tor doesn't care where a socks request comes from. It doesn't change its behaviour whether you ask from the same machine or a different one. It's much like a proxy chain, the middle proxies act as both clients and servers.
)
Renfield
Ok. Well I have commented out the ORPort 9002.
So the policy only controls incoming SOCKS requests, and not Tor relaying? Is there a way to control which IP addresses are allowed to access the ORPort much like the SocksPolicy?
Sebastian
Renfield: no, a realy MUST be reachable
Renfield
Probably that wouldn't be good to the network.
Yea.
Sebastian
it also makes 0 sense in your case
because that would mean that instead of using socks proxies in your local network, you'd need to install Tor clients there
Renfield
Right, OK that makes sense.
Sebastian
and then these Tor clients could just connect to the outside
Goldstein
i still dont understand what renfield was trying to accomplish
Renfield
Goldstein: I've just got one Tor "client" running on one computer, and other computers connect to it via SOCKS.
Goldstein
the gateway to your inet connection?
It certainly sounds like you have setup a tranparent proxy
Sebastian_
Goldstein: you still don't understand
Renfield configures the applications in the network to connect to that Tor client's socks port
that's got nothing to do with a transparent proxy
Renfield
It's a SOCKS proxy.
Goldstein
does he have one machine thru which all others connect to the WAN?
Renfield
Yes I do.
         

Sebastian_
Goldstein: that's irrelevant, though
Goldstein
and that machine runs tor client
Renfield
A transparent proxy is, well, transparent.
For this setup I must explicitly use the SOCKS port.
Goldstein
how do you handle http?
Renfield: you're running tor client on the gateway right?
Renfield
Yes.
Goldstein
then each LAN machine is set to use the gateway's tor client
for outbound reqs
???
Renfield
Tor button is configured to use Polipo, which is then configured to access the tor client on the gateway machine.
Goldstein
why not run polipo on gateway machine too?
Renfield
I could do that.
I used to use Privoxy when that was the recommended way of using Tor.
And that was configured on my gateway machine.
Goldstein
do you use a firewall to block nontor access?
Renfield
Not for Tor.
Goldstein
*nontor* acess
Renfield
Oh, I read that word as monitor.
The only firewall I have is iptables.
Which blocks all incoming requests except to explicit ports.
Which I guess is all you really need in a firewall.
Sebastian_
Goldstein: Renfield hasn't said at all that he wants to torify all traffic. No idea where you got that from. I think you're on the wrong track entirely.
Goldstein
I think I understand it
He doesnt have to run tor on all his LAN clients
Julias_shulman
Sebastian_, OperaTor is a browser with tor built in
one file
you click it
very easy
Sebastian_
Julias_shulman: Hm. Where is its design document? I'd be very curious to see how they're replicating Torbutton
Julias_shulman
http://archetwist.com/en/opera/operator
You can run Operator on any computer you want (company, library, your friend's computer) and without administration privileges as long as it's a Windows PC
Sebastian_
hm
Goldstein
is it opera based?
Sebastian_
looks like the Author realized that he couldn't offer the same protections as tbb
(see the comments: TOR is not included anymore? --- No, I have decided to leave it to the Tor Project. There is a Tor/Vidalia/Firefox bundle available on their website.)
Julias_shulman: I wouldn't recommend that anyone uses that software. Even if it is really easy, it is unmaintained and not well documented.
Julias_shulman
yes
Goldstein
it says it doesnt support tor
Julias_shulman
It was better from a time when tor was very hard to install
Sebastian_
Goldstein: Do you even read what is written here?
Goldstein
yes
Not including tor != not supporting tor
Julias_shulman
Goldstein, look for operator 3.5
it supports tor
and polipo
its all included in a single file
you click the .exe and it works
its simple enough for windows users
if you are using windows, you obviously have trojans and dont need extreme anonymity
Goldstein
i wouldnt want it to include tor, only support tor
how would I get updates?
Sebastian_
Goldstein: it does support Tor. Proxy configuration isn't removed.
In any case, the whole discussion is pointless. The software isn't safe to use for anonymity, it is outdated, and newer versions are just a portable opera.
I wonder if phobos knows about them.
Julias_shulman
? its perfectly safe
it will give you a different ip
if your country is blocked from surfing to a specific area
this software will allow you to go online in a second
Goldstein
Is there a term for the sort of setup Renfield was doing. I kinda thought what he was doing *was* transparent proxying
Julias_shulman
if you go to china and want to use google..
Sebastian_
Julias_shulman: you will find that this software doesn't work
Neither does regular Tor
Goldstein
Julias_shulman: hiding ip != good enough anonymity for most people
Sebastian_
it would be very much appreciated if you stopped making bullsh*t claims like "its perfectly safe"
Julias_shulman
? it uses tor
Sebastian_
So?
Tor isn't perfect
Julias_shulman
lol nothing is safe
Sebastian_
a tool that doesn't include any kind of Torbutton's protections AND uses an outdated version of Tor much less so
Julias_shulman
tor isn't safe
latest tor isn't safe either
only way to be safe is to unplug form the internet
computers were never ment to be networked
or you can be in a random location
you with a 12 mile dbi wifi send/recieve antenna
Sebastian_
Enough. This is totally irrelevant
Julias_shulman
what its totally relevant
Sebastian_
No Tor Project member would ever claim that Tor is perfect
Julias_shulman
that software is perfect for windows users
Sebastian_
no, it is not.
Julias_shulman
yes tor is perfection
if only it wasnt banned everywhere and abused
on every BL db
Goldstein
can you actually setup a wan gateway in such a fashion that it routes every tcp request thru tor or in http case, polipo/privoxy+tor *without* configing every LAN client?
that being transparent proxying?
Julias_shulman
it would be a transparent proxy to the web cache
setup a box with tor on it
for all connections route them through tor
with some kind of internet sharing
NAT masque
Goldstein
i was hoping Sebastian had an opinion on the above
Sebastian
Goldstein: sure, you can inspect all the packets and route them through any application you want
I'm not sure you can't feed http requests into polipo/privoxy, though.
can*
you would need to rewrite the requests
Julias_shulman
what about udp?
icmp's?
have to do rewrite for those too , not just tcp
Sebastian
you have to drop them
Tor doens't support anything but tcp
Julias_shulman
anyways its good to see that tor finally made a package that can install
after stealing it from OperaTor
and then getting mad at the OperaTor guy so he wouldnt make it anymore obviously
e portable with one package
Goldstein
Sebastian: Will the following instructions not handle http? https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy
Sebastian
Goldstein: it would torify http traffic, but not put it through an http proxy
the question was how to put the traffic into polipo
Goldstein
the difference being that no filtering would be posible? I thought polipo doesnt really do any filtering
Julias_shulman
polipo listens on 127.0.0.1
make polipo listen on your local ethernet
instead of loopback
Goldstein
Sebastian: why does one need to run http thru polipo if not to get it torified?
Sebastian
one doesn't need to do that
Goldstein
then why do we?
Sebastian
hm?
Goldstein
then why do we use polipo? because non-unix ssystems have to?
Sebastian
no
because Firefox's socks code is crap
Goldstein
lol
would a transparent proxy bypass it's crapitude?
Sebastian
maybe
I would assume yes, because Firefox wouldn't even know it is dealing with a socks proxy
boxbeatsy
hi, is it possible to use TOR to assign a different IP to each of my browsers?
hi
whoops, sorry still getting used to irssi. real question is above ^
jrf99c5
How do I set up Pidgin for Tor?
Or....what IRC client do you recommend?
Anybody here?
velope
boxbeatsy: Tor does not assign IPs to browsers, exactly. Are you talking about multiple browsers running on the same computer?
boxbeatsy
velope: yea i guess my question is can i use TOR to get 3 IP's at once
jrf99c5: i'd recommend irssi
jrf99c5
boxbeastsy.....is there a site for it? I think it runs in Terminal....is that right?
velope
Tor maintains multiple circuits (chains of 3 nodes). The final node (hop) in each circuit is the exit, which is the IP seen by the server your browser (or other app) accesses.
boxbeatsy
jrf99c5: yea google the site. you'll find everything you need to know
jrf99c5
Thank you
boxbeatsy
velope: so, does that mean there's no way to open up three circuits?
i mean *multiple chains
velope
By default, Tor stops reusing circuits after ten minutes, so the IPs are changing frequently, which is part of anonymity.
boxbeatsy
right right, but at any given time, can i have 3 chains open?
velope
jrf99c5: Pidgin works fine with Tor. You configure it in the proxy tab of each account.
Pidgin is probably more popular with Windows and former windows users; irrsi more popular with die-hard linux users.
boxbeatsy: usually Tor has a minimum of two circuits open, and if your apps are active, perhaps many more.
But usually a circuit is not tied to an application.
boxbeatsy
hmm i dont think i understand
each circuit represents a different exit node IP right?
« prev 1 2 next »