Changes between Version 36 and Version 37 of doc/TorBOX/OtherAnonymizingNetworks


Ignore:
Timestamp:
May 22, 2012, 2:33:03 PM (7 years ago)
Author:
proper
Comment:

Proxy

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorBOX/OtherAnonymizingNetworks

    v36 v37  
    174174[https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#SupportforproxiesasTorreplacementOPTIONALFEATURE dev thread]
    175175
     176Required reading: [[BR]]
     177[https://trac.torproject.org/projects/tor/wiki/doc/proxy proxy] [[BR]]
     178[https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#VPNSSHversusProxy Tor + VPN or Proxy] [[BR]]
     179
    176180== Proxies in addition to Tor ==
    177181See [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX#AdvantagesofTorBOX Advantages of TorBOX], "It is possible to use TorBOX setup in conjunction with VPNs, ssh and other proxies....".
     
    186190There are two options available. 1. Transparent Proxying or 2. The Proxy Settings Method.
    187191
     192=== Depending on Proxy type ===
     193http proxies are not suited, because we would not be able to connect to https protected websites. The setup for https, socks4(a)/5 proxies should be very similar.
     194
    188195=== Transparent Proxying ===
     196Not finished.
     197
    189198Transparent Proxying (like TorBOX with Tor's TransPort) is, due to technical limitations, not fully supported by proxies. Proxies do not offer a DnsPort and also do not act as a DNS server. While it's possible to relay TCP and UDP traffic through the proxy on the IP level (using iptables), you would still always require known (you know the IP) DNS server. (i.e. public DNS server such as OpenDNS, Google, httpsdnsd) DNS resolution would look like: Proxy-Workstation -> Proxy-Gateway -> Proxy -> DNS server. It's technically not possible to let the proxy transparently (!) do the DNS resolution (no tools available) - at least not that we know after extended research know of.
    190199
    191200Due to the DNS issue, you can't completely hide behind the proxy (using it transparently). You always would have to reveal, that you are using a public (or private) extra DNS resolver. Of course, you would also not only have to trust the proxy, but also the extra DNS server, which can see all your DNS queries.
    192201
     202For TCP and UDP: Proxy-Workstation -> Proxy-Gateway -> network layer -> redsocks -> proxy [[BR]]
     203For DNS: Proxy-Workstation -> Proxy-Gateway -> network layer -> redsocks -> proxy -> public DNS server [[BR]]
     204
    193205=== Proxy Settings Method ===
     206Not finished.
     207
    194208Design: The Proxy-Workstation is on an isolated internal LAN (similar to TorBOX's Tor-Workstation design) and can't connect to the internet directly. (Iptables rules on the Proxy-Gateway forbid that.) All applications installed inside the Proxy-Workstation have to use the correct [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#classicalcommonway:usetheapplicationsproxysettings proxy settings] or a [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#notsocommon:useawrapper:forcetheapplicationtouseaproxytorsocksusewithtor wrapper].
    195209
    196 === CGI ===
    197 [https://en.wikipedia.org/wiki/CGIProxy CGIProxies] (proxy web interface) are not supported as we don't know any trans2cgi redirectors.
    198 
    199 === HTTP [HttpBOX] ===
    200 Not finished.
    201 
    202 Http proxies  maybe can be utilized. The difficult part is to translate the network layer to the http proxy. There are two ways this might work:[[BR]]
    203 1) network layer -> tranSOCKS_ev -> socks2http -> http proxy [[BR]]
    204 2) network layer -> trans2http -> http proxy [[BR]]
    205 What we don't know yet if there are any (Open Source) socks2http or trans2http redirectors for Linux. We might document that, as soon we got the socks proxy support ready.
    206 
    207 === SOCKS [SocksBOX] ===
    208 Not finished.
    209 
    210 Socks proxies can be more easily utilized. [http://oss.tiggerswelt.net/ tranSOCKS_ev] can translate the network layer to a socks proxy. [[BR]]
    211 JonDonym with premium cascades supports socks. They provide [https://anonymous-proxy-servers.net/en/help/transocks.html instructions] how to transparently proxy through their socks proxy. This is not a copy and paste solution. You have to exchange their proxy IP's and port's with your settings. Same goes for the firewall rules. The firewall rules have to be also adapter from local redirection for a specific user to anonymizing middlebox.
     210For TCP, UDP and DNS: Proxy-Workstation -> Proxy-Gateway -> proxy