Installing Tor on OBSD3.8

joe_schmoe geek_show at dsl.pipex.com
Wed Aug 23 11:28:38 PDT 2006 

marius wrote:
> It's been over a year since I've played with Tor, and my memory is a
> little fuzzy. I have tried to do what the OP is asking about, and
> "almost" got it to work.
> 
> My comments are below...
> 
> //mts
> 
> PS. Tomorrow I'll try to dig up the drive that has my Tor experiment
> on it and I'll check out what I did.
> 
> PPS. Please "cc" me if you want a speedy reply, because I'm subscribed
> to the digest mode.
> 
>> Message: 3
>> Date: Tue, 22 Aug 2006 19:48:48 +0100
>> From: "Thomas Wood" <grand.edgemaster at gmail.com>
>> Subject: Fwd: Installing Tor on OBSD3.8
>>
>> On 8/22/06, joe_schmoe <geek_show at dsl.pipex.com> wrote:
>>> Greetings
>> Hi!
>>> I am contemplating buying the OBSD3.8 CDs and just wanted to double
>>> check something first before proceeding. I have heard about a program
>>> called Tor which I think stands for "The Onion Router" - which basically
>>> anonymizes one's Internet activity (is that correct?).
>> Correct, but why OBSD3.8? 3.9 is the latest, and 4.0 is coming soon.
>> Downloads are free, although CDs help the project! OBSD is good for
>> firewalls.
>>
>>> I would like to install that on the OBSD3.8 dedicated firewall, so just a couple of
>>> quick questions:
>>> 1. What is involved in installing Tor - any special proceedures or any
>>> gotchas?
>> I  wouldn't know about this, having not tried it on a firewall.
> 
>>From what I remember, you will need to install Privoxy (or some other
> proxy) and then use pf to route all the traffic you want anonymized
> through it. I never got the pf part to work right (but Tor/Privoxy
> were working fine for surfing, ssh and IRC using the OBSD box). My
> problem was that I wanted to make the proxying transparent to the
> client boxes, without needing to set the proxy servers on each. If you
> have the ability to manually set the proxies on your clients then it's
> a lot easier.
> 
>>> 2. Does it have any effect on overall performance?
>> It will do, Tor routes traffic through several servers across the net
>> - it WILL slow traffic.
> 
> On a 4 meg DSL line, we were down to what felt like dial-up speeds.
> 
>>> 3. Is my understanding of the function of Tor accurate and will it
>>> actually anonymize all machines behind the firewall? Would this extend
>>> to blocking IP addresses, or does it merely mangle the packet headers?
>> It will hide your IP address through mangling the packet headers. By
>> blocking IP addresses, do you mean stopping access to those IPs from
>> within the network? If so, the OBSD pf can do that natively, of course
>> there are also more specialised network filtering tools.
> 
> If you configure the proxy and pf right, then all the machines behind
> the firewall should be "anonymized" in that your internet IP will be
> hidden. As the Tor FAQ
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ says though:
> 
> "Since Tor does not anonymize message content, additional software
> agents should be used to anonymize content. For example,  Privoxy is a
> good HTTP proxy for filtering dangerous web content. "
> 
> So Privoxy will take care of your web sessions, but you will still
> need some other software to fully anonymize anything else you might be
> running.
> 
>>> Sorry for my cluelessness :)
>> Everyone's clueless at some times!
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies
> 
Thank you all so very much for rapid and informative responses to my 
query. I hadn't realised that OBSD development cycles had come and gone 
so quickly and that they are now approaching 4.0 - just can't keep a 
good thing down :)

Marius and others have noted the drop-off in speed. That is really a 
no-no. One of the pleasures of DSL is the speed. So, an alternative 
approach: how does one go about anonymizing one's IP address in the way 
described? The three computers behind the firewall at present still are 
assigned to my DSL's fixed IP address. This means of course that the IP 
address is not anonymized to the outside world. Is there a way to 
anonymize that or would privoxy do the trick?

Thanks once again.

/j

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GSS/P d+- s++:++ a+ C++ P L+++ E- W+++ N+
K? w--- PS+++ PE- Y+ t-- 5? X- R? !tv b+++
DI++ D? G e++++ h--- r+++ z*
------END GEEK CODE BLOCK------

More information about the Openbsd-newbies mailing list