Re: [vserver] tor in a vserver?

From: Chuck <chuck_at_sbbsnet.net>
Date: Wed 24 Oct 2007 - 01:19:32 BST
Message-Id: <200710232019.33546.chuck@sbbsnet.net>

On Tuesday 23 October 2007, Arjan wrote:
> Chuck wrote:
> > On Monday 22 October 2007, Martin Fick wrote:
> >> --- Chuck <chuck@sbbsnet.net> wrote:
> >>> has anyone been successful in installing tor in a
> >>> vserver environment?
> >>> the various programs such as inspectsocks complain
> >>> of 'socks server' connection refusal.
> >>
> >
> > pass through server for the tor network.
> >
> >> I am running it on debian and I did manually edit the
> >> torrc to set a line like this to my vserver IP:
> >>
> >> SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
> >>
>
> I'm running a tor node in a vserver behind a NAT router.
>
> If you're running a tor server, and not using it as a client to route
> local traffic through tor, you don't need the socks stuff.
> Set SocksPort to 0 in your torrc to disable it.
>
> This is all that's in the torrc of my debian-based tor 0.1.2.17 vserver:
> SocksPort 0
> Nickname elc
> Address el-c.xs4all.nl
> BandwidthRate 50 KB
> BandwidthBurst 50 KB
> ContactInfo tor-admin@el-c.xs4all.nl
> ORPort 9001
> #DirPort 9030 # I disabled this because of my limited bandwidth
> ExitPolicy reject *:*
>
> If you want to run an exit node, you'll have to use a different exit policy.
>
> Because of the NAT, you'll have to forward incoming traffic on ORPort
> (and optionally DirPort) to your tor vserver.
> In your firewall settings, you'll have to allow the tor process to make
> outgoing connections, because it connects to the other tor nodes and it
> performs DNS lookups. Don't be restrictive in your firewall rules,
> because the network breaks down if your tor node can't connect to all
> other tor nodes (who can be listening on any port).
>

ahh ok. will try this idea and see how it goes :)

we run public IP space, no NAT. so I guess we would use DirPort... we want to
be a passthru as part of the tor network, but still have our workstation tor
clients use it as a tor network entry point.

> If you want to enable your SocksPort and ControlPort, only allow
> connections from trusted locations (localhost, or maybe LAN). Also make
> sure to set up authentication for the ControlPort if you enable it.
>
>

-- 
Chuck
"...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose 
for an OS as *we* do?!!', and I answered...'I use Linux'. "
The Book of John, chapter 1, page 1, and end of book
Received on Wed Oct 24 01:19:45 2007
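
The advice quoted in this message (SocksPort and ControlPort reachable only from trusted locations, authentication on the ControlPort) can be checked against a torrc before starting tor. The script below is an added example, not part of the original message and not code from the tor project; the function names, finding codes and sample configs are constructed here, and `SocksPolicy`, `ControlListenAddress`, `CookieAuthentication` and `HashedControlPassword` are tor options that the thread itself does not mention.

```python
import ipaddress

# Constructed sample: a relay that also serves LAN clients, as discussed in the thread.
EXPOSED_TORRC = """\
SocksPort 9100
SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
ControlPort 9051
ORPort 9001
ExitPolicy reject *:*
"""

# Same config with the listener restricted by policy and the control port authenticated.
HARDENED_TORRC = EXPOSED_TORRC + """\
SocksPolicy accept 192.168.0.0/24
SocksPolicy reject *
CookieAuthentication 1
"""

def parse_torrc(text):
    """Map lowercased option name -> list of values, ignoring '#' comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def is_loopback(listen_addr):
    """True if an IPv4 'addr[:port]' value stays on the loopback interface."""
    host = listen_addr.split(":", 1)[0]
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as reachable from outside

def audit(text):
    """Return finding codes for untrusted SOCKS/control exposure."""
    opts, findings = parse_torrc(text), []
    socks_on = opts.get("socksport", ["9050"]) != ["0"]  # tor listens on 9050 by default
    exposed = [a for a in opts.get("sockslistenaddress", []) if not is_loopback(a)]
    if socks_on and exposed and "sockspolicy" not in opts:
        findings.append("socks-exposed-no-policy")
    if opts.get("controlport", ["0"]) != ["0"]:
        auth = "hashedcontrolpassword" in opts or opts.get("cookieauthentication") == ["1"]
        if not auth:
            findings.append("control-no-auth")
        if any(not is_loopback(a) for a in opts.get("controllistenaddress", [])):
            findings.append("control-exposed")
    return findings
```

The relay-only torrc quoted above (`SocksPort 0`, no ControlPort) produces no findings; the check only looks at listener exposure and does not replace firewall rules on the vserver host.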