Changes between Version 36 and Version 37 of doc/TorBOX/OtherAnonymizingNetworks

May 22, 2012, 2:33:03 PM (8 years ago)



  • doc/TorBOX/OtherAnonymizingNetworks

    v36 v37  
    174174[ dev thread]
     176Required reading: [[BR]]
     177[ proxy] [[BR]]
     178[ Tor + VPN or Proxy] [[BR]]
    176180== Proxies in addition to Tor ==
    177181See [ Advantages of TorBOX], "It is possible to use TorBOX setup in conjunction with VPNs, ssh and other proxies....".
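Review bot: The "Required reading" list added at 176-178 sits above the "== Proxies in addition to Tor ==" heading at 180, so it renders as the tail of the preceding section next to the dev thread link. If the two links are meant as prerequisites for the proxies section, move them below the heading, or give the list its own heading so it is clear what it applies to.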
    186190There are two options available. 1. Transparent Proxying or 2. The Proxy Settings Method.
     192=== Depending on Proxy type ===
     193http proxies are not suited, because we would not be able to connect to https protected websites. The setup for https, socks4(a)/5 proxies should be very similar.
    188195=== Transparent Proxying ===
     196Not finished.
    189198Transparent Proxying (like TorBOX with Tor's TransPort) is, due to technical limitations, not fully supported by proxies. Proxies do not offer a DnsPort and also do not act as a DNS server. While it's possible to relay TCP and UDP traffic through the proxy on the IP level (using iptables), you would still always require known (you know the IP) DNS server. (i.e. public DNS server such as OpenDNS, Google, httpsdnsd) DNS resolution would look like: Proxy-Workstation -> Proxy-Gateway -> Proxy -> DNS server. It's technically not possible to let the proxy transparently (!) do the DNS resolution (no tools available) - at least not that we know after extended research know of.
    191200Due to the DNS issue, you can't completely hide behind the proxy (using it transparently). You always would have to reveal, that you are using a public (or private) extra DNS resolver. Of course, you would also not only have to trust the proxy, but also the extra DNS server, which can see all your DNS queries.
     202For TCP and UDP: Proxy-Workstation -> Proxy-Gateway -> network layer -> redsocks -> proxy [[BR]]
     203For DNS: Proxy-Workstation -> Proxy-Gateway -> network layer -> redsocks -> proxy -> public DNS server [[BR]]
    193205=== Proxy Settings Method ===
     206Not finished.
    194208Design: The Proxy-Workstation is on an isolated internal LAN (similar to TorBOX's Tor-Workstation design) and can't connect to the internet directly. (Iptables rules on the Proxy-Gateway forbid that.) All applications installed inside the Proxy-Workstation have to use the correct [ proxy settings] or a [ wrapper].
    196 === CGI ===
    197 [ CGIProxies] (proxy web interface) are not supported as we don't know any trans2cgi redirectors.
    199 === HTTP [HttpBOX] ===
    200 Not finished.
    202 Http proxies  maybe can be utilized. The difficult part is to translate the network layer to the http proxy. There are two ways this might work:[[BR]]
    203 1) network layer -> tranSOCKS_ev -> socks2http -> http proxy [[BR]]
    204 2) network layer -> trans2http -> http proxy [[BR]]
    205 What we don't know yet if there are any (Open Source) socks2http or trans2http redirectors for Linux. We might document that, as soon we got the socks proxy support ready.
    207 === SOCKS [SocksBOX] ===
    208 Not finished.
    210 Socks proxies can be more easily utilized. [ tranSOCKS_ev] can translate the network layer to a socks proxy. [[BR]]
    211 JonDonym with premium cascades supports socks. They provide [ instructions] how to transparently proxy through their socks proxy. This is not a copy and paste solution. You have to exchange their proxy IP's and port's with your settings. Same goes for the firewall rules. The firewall rules have to be also adapter from local redirection for a specific user to anonymizing middlebox.
     210For TCP, UDP and DNS: Proxy-Workstation -> Proxy-Gateway -> proxy
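Review bot: The flow lines added at 202 and 210 promise "TCP and UDP" (and, at 210, DNS) through the proxy for every proxy type, while line 193 says the setup for https and socks4(a)/5 proxies is very similar. Of those, only SOCKS5 defines a UDP mode (UDP ASSOCIATE). An https proxy using CONNECT and SOCKS4/4a carry TCP only, and plain SOCKS4 takes an IP address, so the name is resolved before the proxy is reached. Suggest stating per proxy type which of TCP, UDP and DNS actually goes through the proxy and what the Proxy-Gateway does with the rest, so a reader does not assume UDP or DNS is covered when it is not. Line 193 would also be clearer if it said whether "http proxies" means proxies without CONNECT support, since that is what prevents reaching https sites. The caveats from the removed SOCKS section (not a copy and paste solution, firewall rules have to be adapted) have no counterpart where redsocks is introduced at 202-203 and are worth carrying over.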