commit 6d5896ac66201bd8d640f28196c0216ef0283fa9 Author: nusenu <nusenu-github@riseup.net> Date: Sat Feb 10 16:37:13 2018 +0000 FAQ (relay section): move two questions out of the relay section the following two questions have been moved from the relay to the "Advanced Tor usage" section as they are more client related: I want to run my Tor client on a different computer than my applications. Can I install Tor on a central server, and have my clients connect to it? --- docs/en/faq.wml | 156 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index fa763adb..a5c3038d 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -132,6 +132,10 @@ country) worry?</a></li> <li><a href="#SocksAndDNS">How do I check if my application that uses SOCKS is leaking DNS requests?</a></li> + <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to run my Tor client on a + different computer than my applications.</a></li> + <li><a href="#ServerClient">Can I install Tor on a central server, and + have my clients connect to it?</a></li> </ul> <a id="relay"></a> @@ -167,10 +171,6 @@ be?</a></li> Why did that happen?</a></li> <li><a href="#MyRelayRecentlyGotTheGuardFlagAndTrafficDroppedByHalf">My relay recently got the Guard flag and traffic dropped by half.</a></li> - <li><a href="#TorClientOnADifferentComputerThanMyApplications">I want to run my Tor client on a - different computer than my applications.</a></li> - <li><a href="#ServerClient">Can I install Tor on a central server, and - have my clients connect to it?</a></li> <li><a href="#JoinTheNetwork">So I can just configure a nickname and ORPort and join the network?</a></li> <li><a href="#RelayOrBridge">Should I be a normal relay or bridge @@ -2027,6 +2027,80 @@ from the source code release tor-0.2.4.16-rc is: <hr> + <a id="TorClientOnADifferentComputerThanMyApplications"></a> + <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications">I + want to run my Tor client on a different computer than my applications. + </a></h3> + <p> + By default, your Tor client only listens for applications that + connect from localhost. Connections from other computers are + refused. If you want to torify applications on different computers + than the Tor client, you should edit your torrc to define + SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you + want to get more advanced, you can configure your Tor client on a + firewall to bind to your internal IP but not your external IP. + </p> + + <hr> + + <a id="ServerClient"></a> + <h3><a class="anchor" href="#ServerClient">Can I install Tor on a + central server, and have my clients connect to it?</a></h3> + <p> + Yes. Tor can be configured as a client or a relay on another + machine, and allow other machines to be able to connect to it + for anonymity. This is most useful in an environment where many + computers want a gateway of anonymity to the rest of the world. + However, be forwarned that with this configuration, anyone within + your private network (existing between you and the Tor + client/relay) can see what traffic you are sending in clear text. + The anonymity doesn't start until you get to the Tor relay. + Because of this, if you are the controller of your domain and you + know everything's locked down, you will be OK, but this configuration + may not be suitable for large private networks where security is + key all around. + </p> + <p> +Configuration is simple, editing your torrc file's SocksListenAddress +according to the following examples: + </p> + <pre> + + #This provides local interface access only, + #needs SocksPort to be greater than 0 + SocksListenAddress 127.0.0.1 + + #This provides access to Tor on a specified interface + SocksListenAddress 192.168.x.x:9100 + + #Accept from all interfaces + SocksListenAddress 0.0.0.0:9100 + </pre> + <p> +You can state multiple listen addresses, in the case that you are +part of several networks or subnets. + </p> + <pre> + SocksListenAddress 192.168.x.x:9100 #eth0 + SocksListenAddress 10.x.x.x:9100 #eth1 + </pre> + <p> +After this, your clients on their respective networks/subnets would specify +a socks proxy with the address and port you specified SocksListenAddress +to be. + </p> + <p> +Please note that the SocksPort configuration option gives the port ONLY for +localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need +to give the port with the address, as shown above. + <p> +If you are interested in forcing all outgoing data through the central Tor +client/relay, instead of the server only being an optional proxy, you may find +the program iptables (for *nix) useful. + </p> + + <hr> + <a id="RunningATorRelay"></a> <h2><a class="anchor" href="#RunningATorRelay">Running a Tor relay:</a></h2> @@ -2476,80 +2550,6 @@ users <hr> - <a id="TorClientOnADifferentComputerThanMyApplications"></a> - <h3><a class="anchor" href="#TorClientOnADifferentComputerThanMyApplications">I - want to run my Tor client on a different computer than my applications. - </a></h3> - <p> - By default, your Tor client only listens for applications that - connect from localhost. Connections from other computers are - refused. If you want to torify applications on different computers - than the Tor client, you should edit your torrc to define - SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you - want to get more advanced, you can configure your Tor client on a - firewall to bind to your internal IP but not your external IP. - </p> - - <hr> - - <a id="ServerClient"></a> - <h3><a class="anchor" href="#ServerClient">Can I install Tor on a - central server, and have my clients connect to it?</a></h3> - <p> - Yes. Tor can be configured as a client or a relay on another - machine, and allow other machines to be able to connect to it - for anonymity. This is most useful in an environment where many - computers want a gateway of anonymity to the rest of the world. - However, be forwarned that with this configuration, anyone within - your private network (existing between you and the Tor - client/relay) can see what traffic you are sending in clear text. - The anonymity doesn't start until you get to the Tor relay. - Because of this, if you are the controller of your domain and you - know everything's locked down, you will be OK, but this configuration - may not be suitable for large private networks where security is - key all around. - </p> - <p> -Configuration is simple, editing your torrc file's SocksListenAddress -according to the following examples: - </p> - <pre> - - #This provides local interface access only, - #needs SocksPort to be greater than 0 - SocksListenAddress 127.0.0.1 - - #This provides access to Tor on a specified interface - SocksListenAddress 192.168.x.x:9100 - - #Accept from all interfaces - SocksListenAddress 0.0.0.0:9100 - </pre> - <p> -You can state multiple listen addresses, in the case that you are -part of several networks or subnets. - </p> - <pre> - SocksListenAddress 192.168.x.x:9100 #eth0 - SocksListenAddress 10.x.x.x:9100 #eth1 - </pre> - <p> -After this, your clients on their respective networks/subnets would specify -a socks proxy with the address and port you specified SocksListenAddress -to be. - </p> - <p> -Please note that the SocksPort configuration option gives the port ONLY for -localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need -to give the port with the address, as shown above. - <p> -If you are interested in forcing all outgoing data through the central Tor -client/relay, instead of the server only being an optional proxy, you may find -the program iptables (for *nix) useful. - </p> - - <hr> - <a id="RelayOrBridge"></a> <h3><a class="anchor" href="#RelayOrBridge">Should I be a normal relay or bridge relay?</a></h3>