On 08/07/2015 03:45 PM, Petter Reinholdtsen wrote:
> [Sunil Mohan Adapa]
>> Currently, Tor SOCKS listen address is set as 127.0.0.1:9050. This
>> makes it not available for using on LAN networks. Although for
>> browsing using Tor Browser Bundle is recommended, many other
>> services such as IRC which can work okay behind Tor can't be used with
>> Tor. The listen address should be 0.0.0.0:9050. Firewall opens this
>> port for LAN networks and closes it for WAN networks.
>
> What about instead of asking people to use the SOCKS interface, all TCP
> and DNS connections are automatically routed using iptables to Tor,
> allowing Tor to be used transparently? For such setup, I suspect it
> makes sense for Tor to only listen on 127.0.0.1. I guess it should be an
> option in the Plinth interface.
>
> I believe there are recipes on how to do this floating on the web (I
> believe I saw one a year or so ago), but did not have time to track it
> down right now.
>
I will check further on transparent proxying. Can we not have Tor listen on 0.0.0.0:9050 even when transparent proxying is enabled?

IIUC, a machine needs to have gateway configured as FB machine (perhaps by getting DHCP config done by FB) for transparent proxying to work. I can see cases where this may be happen always (FB is another participant in the network and not in-charge because it has only one NIC).

--
Sunil
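Added example, not part of the original message and not the project's own code: a small Python audit that reads torrc contents and reports which Tor listeners (SocksPort, TransPort, DNSPort) are reachable beyond localhost, applied to the kind of setup discussed in this thread. The TransPort and DNSPort port numbers in the sample are assumptions; the warning text reflects that a listener bound to all interfaces relies on the firewall to keep WAN hosts out.

```python
import ipaddress

LISTENERS = ("SocksPort", "TransPort", "DNSPort")  # torrc options that open a socket

def bind_address(value):
    """Bind address from a '[address:]port [flags]' value; None if disabled."""
    spec = value.split()[0]
    if spec == "0":
        return None                          # port 0 turns the listener off
    if spec.startswith("["):                 # bracketed IPv6, e.g. [::1]:9050
        return spec[1:spec.index("]")]
    # "unix:/path" yields "unix"; a bare port or "auto" binds to localhost
    return spec.rsplit(":", 1)[0] if ":" in spec else "127.0.0.1"

def scope(addr):
    """Classify who can reach a listener bound to addr."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "local" if addr == "unix" else "unknown"   # hostname: resolve to judge
    if ip.is_loopback:
        return "local"
    if ip.is_unspecified:
        return "all-interfaces"              # 0.0.0.0 or ::
    return "lan" if ip.is_private else "public"

def audit(torrc_text):
    """Return (listeners, warnings) for the given torrc contents."""
    listeners, has_policy = [], False
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        if parts[0] == "SocksPolicy":
            has_policy = True
        elif parts[0] in LISTENERS:
            addr = bind_address(parts[1])
            if addr is not None:
                listeners.append((parts[0], addr, scope(addr)))
    warnings = [f"{opt} on {addr}: reachable beyond localhost, firewall must block WAN"
                for opt, addr, sc in listeners if sc != "local"]
    if not has_policy and any(o == "SocksPort" and s != "local" for o, _, s in listeners):
        warnings.append("no SocksPolicy: any host that reaches SocksPort may use it")
    return listeners, warnings

# Constructed sample: SOCKS on all interfaces alongside local transparent-proxy listeners.
SAMPLE = "SocksPort 0.0.0.0:9050\nTransPort 127.0.0.1:9040\nDNSPort 5353\n"
```

Call `audit(SAMPLE)` or pass the contents of a real torrc; an empty warnings list means every listener is bound to localhost or a Unix socket.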

