9/8/2010 11:44:22 PM 
Debian Firewalls -- Anonymous Routing with Tor
 
    Tor is "an anonymous internet communication system". In essence, the Tor network is a cloud of proxies which transmit encrypted traffic around the internet. Each connection travels through multiple anonymous Tor routers or "nodes". The idea is that by the time the traffic gets to the end point, the receiver will not know who actually sent the traffic, or who they're replying to...they'll only see the last proxy in the chain. Furthermore, the traffic is encrypted so nobody can watch it along the way. Tor works with any application that supports SOCKS proxies, including IM, P2P, web, and others. For more information, visit the Tor website: http://tor.eff.org (which also has very good documentation).

   Tor can be run on any machine, including the computer you surf the web with. If you travel, you might consider putting Tor directly on your computer. Since this is a tutorial about network devices, our Tor service will go on our firewall with everything else.

   Important Notice: Up to this point, all the software we have used has been from the Debian "Stable" branch. Software in Stable is considered fully tested and production ready. Unfortunately, Tor is not currently available as a Stable package. In order to use it, we will have to install it from a 3rd party repository. This poses a risk in a couple of ways: The software is not guaranteed to be bug free, nor is it supported as a stable package is. It is also not covered by Debian's security team. Please know that although there is no inherent reason to think this package will not work, there are also no promises about what could happen if you choose to install it!

   Now that all the fun warnings are out of the way, and you're still here, let's get to installing. First, we need to edit our Apt sources. This will tell our OS that it should search the 3rd party repository for software in addition to searching the stable Debian branch. Open /etc/apt/sources.list in your favorite editor:

Firewall:~# nano -w /etc/apt/sources.list

   Don't change any of the lines already in the file, just copy and paste, or type the following lines at the bottom.

deb http://mirror.noreply.org/pub/tor stable main
deb-src http://mirror.noreply.org/pub/tor stable main


   Save the file and run apt-get update. This will download the latest information from the new repository.

Firewall:~# apt-get update

   Now the Tor package should be available, and we can install it just as we do with any other package:

Firewall:~# apt-get install tor

   If all goes as planned, Tor should now be installed. Our configuration is done in /etc/tor/torrc.

   You now have several options for how you want to use Tor. By default, Tor only listens for connections from the local machine. If you want to use an HTTP proxy, skip this step. Otherwise, in order to allow your LAN machines to connect to Tor, you should edit the following line in torrc.

SocksBindAddress 192.168.1.1:9100 # listen on a chosen IP/port too

   Restart Tor, and it will now listen for connections on its 192.168.1.1 interface (which should be the LAN).

Firewall:~# /etc/init.d/tor restart

   Tor is a SOCKS proxy. This means you should only connect directly to it with other applications that support SOCKS proxying. If you want to use Tor for HTTP (web) traffic, it is recommended you run a separate web proxy alongside Tor. First, install Privoxy just as we did in step 11 (if you haven't already). Then, open up /etc/privoxy/config.

Firewall:~# nano -w /etc/privoxy/config

   Locate section 5.2, and add the following line:

forward-socks4a / 127.0.0.1:9050 .

   Now restart Privoxy. Communication to Privoxy will be forwarded to Tor, which will then route it through the Tor network.

   The final step is to configure your workstation software to actually use the proxies. You do this the same way as you would with the regular proxies in step 11. In web browsers this information is usually found under "Connection Settings". To test, go to a website such as http://www.whatismyip.com and see if you get your firewall IP. If you do, something is not set up correctly. You should see a random IP from a node on the Tor network.
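
   One way to double-check the two configuration edits above before pointing workstations at the proxies, as an added example that is not part of the original tutorial: it confirms that Tor's SOCKS listener is bound only to a loopback or private LAN address and that Privoxy forwards everything to Tor's local port. The function names and the sample files are made up for illustration; the config lines are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the two config edits.

# Print each active SocksBindAddress value, ignoring comments.
socks_binds() {
    sed -e 's/#.*//' "$1" | awk '$1 == "SocksBindAddress" { print $2 }'
}

# Succeed if an ip[:port] value is loopback or RFC 1918 private space.
is_internal_addr() {
    case "${1%%:*}" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if every SOCKS listener in the torrc is on an internal address.
# No SocksBindAddress line at all means Tor's local-only default, which passes.
audit_torrc() {
    rc=0
    for addr in $(socks_binds "$1"); do
        if is_internal_addr "$addr"; then
            echo "ok: SOCKS listener on $addr"
        else
            echo "WARN: SOCKS listener on non-private address $addr"
            rc=1
        fi
    done
    return $rc
}

# Succeed if Privoxy sends every URL to Tor's local SOCKS port via socks4a
# (socks4a passes hostnames to Tor, so DNS lookups go through Tor as well).
audit_privoxy() {
    sed -e 's/#.*//' "$1" | awk '
        $1 == "forward-socks4a" && $2 == "/" && $3 == "127.0.0.1:9050" && $4 == "." { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample files containing the lines used in this tutorial.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'SocksBindAddress 192.168.1.1:9100 # listen on a chosen IP/port too' > "$tmp/torrc"
printf '%s\n' 'forward-socks4a / 127.0.0.1:9050 .' > "$tmp/config"
audit_torrc "$tmp/torrc" && audit_privoxy "$tmp/config" && echo "config matches the tutorial"
```

   On the firewall itself, call audit_torrc /etc/tor/torrc and audit_privoxy /etc/privoxy/config instead of the sample files.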

   The fun doesn't have to stop there. Tor can also be set up to actively participate as a node in the network. It can be configured to act as a center node, or an exit node. It's great to add your machine to the network, because as more machines are added, the quality of the network improves. Of course, there are also risks in participating in any such network. If you choose to be an exit node, you may be held responsible for the activities of other users on the network. As a center node, you will not be directly responsible for any activity, but you will still be giving up bandwidth to traffic. Both of these options are disabled in the default Tor install.

   If you're having problems, want to learn more about Tor, or want to install Tor on a different OS, please check out the information at http://tor.eff.org. The docs there are very good, and quite easy to follow. Firefox users may also like the Torbutton plugin to easily access your Tor node from Firefox (http://addons.mozilla.org).

Proceed to Step 16 - Diagnostics with IFTop & TCPDump
 
Copyright © 2006 Matt LaPlante. All rights reserved.