[tor-bugs] #3374 [Torouter]: Torouter OS and configuration
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Jun 21 22:39:22 UTC 2011
#3374: Torouter OS and configuration
----------------------+-----------------------------------------------------
Reporter: runa | Owner: runa
Type: task | Status: new
Priority: normal | Milestone:
Component: Torouter | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by ioerror):
I've now set up a Torouter that is pretty functional. I'll try to outline
this at a high level and then show some service details that will make for
interesting discussion.

The Torouter I'm using is a DreamPlug with no modifications other than a
stock Debian install - at the moment, I'm using the Marvell/DreamPlug
stock kernel because it's a PITA to change it. I'm hopeful to change the
kernel and to integrate grsec into the mix in the very near future. I need
a different ticket for this work and will update this ticket when I have
it. That will take a lot of work, I suspect.

The router has two ethernet ports - the first one at the top of the device
is eth0 and the second one near the bottom of the device is eth1. eth0 may
be plugged into any network that connects to the internet. eth1 may be
plugged into a switch or directly into another computer.

When eth0 is brought up, tor (0.2.3.x) is started and configured as a
bridge. Tor attempts to automatically punch a hole in any upstream NAT
device with tor-fw-helper and does so with the NAT-PMP and UPnP client
protocols. Additionally, when eth0 is brought up, uap0 is brought up as a
wireless access point.

uap0 shares a normal 802.11 wireless network in infrastructure mode with
the ESSID of "torproject" - It is an open wireless network that provides
dhcp for any client that joins the network. It performs DNS resolution
with Tor's DNSPort and all traffic is transparently routed to the internet
through the Tor client on the Torouter itself. This network drops all non-
TCP traffic and provides Tor access for devices such as the Chrome CR-48
or phones that do not yet support a native Tor client.

eth1 provides normal internet access - it acts as a NAT behind eth0, it
forwards packets, it offers dns resolution and of course dhcp service. A
client or up to 244 clients (according to the current dhcp configuration)
merely needs to plug into a switch fabric or directly into the Torouter to
receive internet service.

This setup seems to satisfy nearly every requirement I've heard as
something we'd desire. This device may be used as a home router (via eth1
and the NAT), a wifi access point, a Tor bridge and even a Tor relay if
reconfigured. It requires no setup by the user and automatically enables
all of these features by merely plugging into a single internet enabled
ethernet cord and providing power.

The specific services may need to be reconfigured or even re-written.
However their specific purpose seems to be well defined - we simply need
to think about the security boundaries and the scope of each thing we
enable.

Here's a list of services listening at the moment:
{{{
root@torouter:~# lsof -ni
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
pump 962 root 0u IPv4 1473 0t0 TCP *:bootpc (LISTEN)
udhcpd 1016 root 5u IPv4 1539 0t0 UDP *:bootps
exim4 1405 Debian-exim 3u IPv4 1845 0t0 TCP 127.0.0.1:smtp (LISTEN)
exim4 1405 Debian-exim 4u IPv6 1846 0t0 TCP [::1]:smtp (LISTEN)
ntpd 1421 ntp 16u IPv4 1877 0t0 UDP *:ntp
ntpd 1421 ntp 17u IPv6 1879 0t0 UDP *:ntp
ntpd 1421 ntp 18u IPv4 1889 0t0 UDP 127.0.0.1:ntp
ntpd 1421 ntp 19u IPv4 1891 0t0 UDP 10.0.2.102:ntp
ntpd 1421 ntp 20u IPv4 1893 0t0 UDP 172.16.23.1:ntp
ntpd 1421 ntp 21u IPv6 1895 0t0 UDP [::1]:ntp
ntpd 1421 ntp 22u IPv6 2006 0t0 UDP [fe80::f2ad:4eff:fe00:7aab]:ntp
ntpd 1421 ntp 23u IPv4 2927 0t0 UDP 10.23.42.1:ntp
ntpd 1421 ntp 24u IPv6 2929 0t0 UDP [fe80::f2ad:4eff:fe00:7aac]:ntp
tor 1436 debian-tor 7u IPv4 1942 0t0 TCP *:9001 (LISTEN)
tor 1436 debian-tor 8u IPv4 1943 0t0 TCP 127.0.0.1:9050 (LISTEN)
tor 1436 debian-tor 9u IPv4 1944 0t0 TCP 172.16.23.1:9040 (LISTEN)
tor 1436 debian-tor 10u IPv4 1945 0t0 UDP 172.16.23.1:domain
tor 1436 debian-tor 14u IPv4 2012 0t0 UDP 10.0.2.102:53980->216.39.139.193:domain
tor 1436 debian-tor 15u IPv4 2013 0t0 UDP 10.0.2.102:33898->8.8.8.8:domain
tor 1436 debian-tor 18u IPv4 2105 0t0 TCP 10.0.2.102:52788->149.9.0.59:9001 (ESTABLISHED)
tor 1436 debian-tor 19u IPv4 2106 0t0 TCP 10.0.2.102:59918->38.229.70.42:www (ESTABLISHED)
sshd 1460 root 3r IPv4 2045 0t0 TCP 10.0.2.102:ssh->10.0.2.110:52163 (ESTABLISHED)
sshd 1549 root 3r IPv4 2315 0t0 TCP 10.0.2.102:ssh->10.0.2.110:48684 (ESTABLISHED)
sshd 1971 root 3u IPv4 3254 0t0 TCP *:ssh (LISTEN)
sshd 1971 root 4u IPv6 3256 0t0 TCP *:ssh (LISTEN)
dnsmasq 2318 dnsmasq 5u IPv4 7844 0t0 UDP *:bootps
dnsmasq 2318 dnsmasq 6u IPv6 7852 0t0 TCP [fe80::f2ad:4eff:fe00:7aac]:domain (LISTEN)
dnsmasq 2318 dnsmasq 7u IPv6 7853 0t0 UDP [fe80::f2ad:4eff:fe00:7aac]:domain
dnsmasq 2318 dnsmasq 8u IPv6 7854 0t0 TCP [::1]:domain (LISTEN)
dnsmasq 2318 dnsmasq 9u IPv6 7855 0t0 UDP [::1]:domain
dnsmasq 2318 dnsmasq 10u IPv4 7856 0t0 TCP 10.23.42.1:domain (LISTEN)
dnsmasq 2318 dnsmasq 11u IPv4 7857 0t0 UDP 10.23.42.1:domain
dnsmasq 2318 dnsmasq 12u IPv4 7858 0t0 TCP 127.0.0.1:domain (LISTEN)
dnsmasq 2318 dnsmasq 13u IPv4 7859 0t0 UDP 127.0.0.1:domain
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3374#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
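
Added example, not part of the original comment or of the Torouter project: a small audit script that groups the listeners in an `lsof -ni` listing by the network they are bound to, which is the "scope of each thing we enable" question the comment raises. The address-to-interface mapping in `ZONES` is an assumption inferred from the comment, and a wildcard bind only means a service is potentially reachable, since the firewall rules are not shown.

```python
import re
from collections import defaultdict

# Assumed address-to-interface mapping, inferred from the comment (not stated in it).
ZONES = {"10.0.2.102": "eth0 upstream", "172.16.23.1": "uap0 open wifi",
         "10.23.42.1": "eth1 LAN", "127.0.0.1": "loopback", "[::1]": "loopback",
         "*": "ALL INTERFACES"}

# One lsof -ni record; \s+ also spans the line wraps introduced by the mail archive.
RECORD = re.compile(
    r"(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+\d+[a-z]\s+IPv[46]\s+\d+\s+\S+"
    r"\s+(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>\w+)\))?")

def listeners(text):
    """Return (cmd, user, proto, addr, port) for every listening socket."""
    out = []
    for m in RECORD.finditer(text):
        name = m["name"]
        if "->" in name or (m["proto"] == "TCP" and m["state"] != "LISTEN"):
            continue  # connected socket, not a listener
        addr, port = name.rsplit(":", 1)  # rsplit keeps bracketed IPv6 intact
        out.append((m["cmd"], m["user"], m["proto"], addr, port))
    return out

def by_zone(text):
    """Group listeners by the network they are bound to."""
    zones = defaultdict(set)
    for cmd, user, proto, addr, port in listeners(text):
        zone = ZONES.get(addr, "link-local" if addr.startswith("[fe80:") else addr)
        zones[zone].add(f"{cmd}({user}) {proto}/{port}")
    return {z: sorted(s) for z, s in zones.items()}

# Excerpt of the listing in the comment, with line wraps as they appear in the archive.
SAMPLE = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
udhcpd 1016 root 5u IPv4 1539 0t0 UDP *:bootps
tor 1436 debian-tor 7u IPv4 1942 0t0 TCP *:9001 (LISTEN)
tor 1436 debian-tor 9u IPv4 1944 0t0 TCP 172.16.23.1:9040
(LISTEN)
tor 1436 debian-tor 10u IPv4 1945 0t0 UDP
172.16.23.1:domain
tor 1436 debian-tor 18u IPv4 2105 0t0 TCP
10.0.2.102:52788->149.9.0.59:9001 (ESTABLISHED)
sshd 1971 root 3u IPv4 3254 0t0 TCP *:ssh (LISTEN)
dnsmasq 2318 dnsmasq 10u IPv4 7856 0t0 TCP
10.23.42.1:domain (LISTEN)
"""
if __name__ == "__main__":
    for zone, socks in sorted(by_zone(SAMPLE).items()):
        print(f"{zone:15} {', '.join(socks)}")
```

Services in the `ALL INTERFACES` group that run as root (here `sshd` and `udhcpd`) are the first candidates for binding to a single interface or filtering per interface.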