[or-cvs] move the tor docs over to cvs/website/en/ so we can start to
arma at seul.org
arma at seul.org
Wed Mar 15 01:27:50 UTC 2006
Update of /home2/or/cvsroot/website/en
In directory moria:/home/arma/work/onion/cvs/website/en
Added Files:
tor-doc-osx.wml tor-doc-server.wml tor-doc-unix.wml
tor-doc-win32.wml tor-switchproxy.wml
Log Message:
move the tor docs over to cvs/website/en/ so we can start to
get some translations of them.
this means that they can't be in tor packages easily now, but
so it goes.
--- NEW FILE: tor-doc-osx.wml ---
## translation metadata
# Revision: $Revision: 1.1 $
#include "head.wmi" TITLE="Tor Mac OS X Install Instructions"
<div class="center">
<div class="main-column">
<h1>Running the <a href="<page index>">Tor</a> client on Mac OS X</h1>
<br />
<p>
<b>Note that these are the installation instructions for running a Tor client on
Mac OS X. If you want to relay traffic for others to help the network
grow (please do), read the <a
href="<page tor-doc-server>">Configuring a server</a> guide.</b>
</p>
<hr />
<a id="installing"></a>
<h2><a class="anchor" href="#installing">Step One: Download and Install Tor</a></h2>
<br />
<p>
The latest stable and experimental releases of Tor for Macintosh
OS X bundle <a href="<page index>">Tor</a> and <a
href="http://www.privoxy.org">Privoxy</a> (a filtering web proxy)
into one package, with Privoxy pre-configured to proxy through Tor.
<a href="<page download>">Download one from the download
page</a>.
</p>
<p>Our Tor installer should make everything pretty simple. Below is a
screenshot of the setup page:
</p>
<img alt="tor installer splash page"
src="http://tor.eff.org/img/screenshot-osx-installer-splash.png"
border="1">
<p>
By default, Tor is configured to run at startup. If you do not want Tor to
run on startup, you can disable this by selecting "Customize" in the
Installer, and then un-checking the "Tor Startup Script" box. Be sure to
leave the other boxes checked.
</p>
<p>Once the installer is finished and your computer restarts, Tor will
start automatically. Tor comes configured as a client by default. It
uses a built-in default configuration file in <tt>/Library/Tor/torrc</tt>,
but most people won't need to change any of the settings. Tor is now
installed.</p>
<p>Privoxy is installed as part of the Tor bundle package
installer. Privoxy is a filtering web proxy that integrates well with
Tor. Once it's installed, it will start automatically when your computer
is restarted.
</p>
<p>You do not need to configure Privoxy to use Tor. A custom Privoxy
configuration for Tor has been installed as part of the installer package.
</p>
<hr />
<a id="using"></a>
<h2><a class="anchor" href="#using">Step Two: Configure your applications to use Tor</a></h2>
<br />
<p>After installing Tor and Privoxy, you need to configure your
applications to use them. The first step is to set up web browsing.</p>
<p>If you're using Firefox (we recommend it), check out our <a
href="<page tor-switchproxy>">Tor SwitchProxy howto</a> to set up
a plugin that makes it easy to switch between using Tor and using a
direct connection.</p>
<p>Otherwise, you need to manually configure your browser to HTTP proxy
at localhost port 8118.
(That's where Privoxy listens.)
In Mozilla, this is in Mozilla|Preferences|Advanced|Proxies.
You should set both your Web Proxy (HTTP) and your Secure Web Proxy
(HTTPS or SSL) to localhost port 8118, to hide your SSL traffic too.
You should consider configuring your "FTP Proxy" too; see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy">this
note</a> about Tor and ftp proxies.
</p>
<p>If you want to use Tor with Safari, you need to change your
Network Settings. Select your Network Preferences from the Apple |
Location menu:</p>
<img alt="Network settings"
src="http://tor.eff.org/img/screenshot-osx-choose-network.png"
border="1">
<p>Select the Network Interface on which you want to enable Tor. If you use
more than one Interface you must change the proxy settings for each
individually.</p>
<img alt="Network preferences"
src="http://tor.eff.org/img/screenshot-osx-choose-interface.png"
border="1">
<p>
<p>Select and enter 127.0.0.1 and port 8118 for both
Web Proxy (HTTP) and your Secure Web Proxy (HTTPS).
You should also do this for "FTP Proxy" and "Gopher Proxy"; see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy">this
note</a> about Tor and ftp proxies. Leave your Use Passive FTP Mode
(PASV) setting as is.</p>
<img alt="Proxy settings"
src="http://tor.eff.org/img/screenshot-osx-proxy-settings.png"
border="1">
<p>Using privoxy is <strong>necessary</strong> because <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">browsers
leak your
DNS requests when they use a SOCKS proxy directly</a>, which is bad for
your anonymity. Privoxy also removes certain dangerous headers from your
web requests, and blocks obnoxious ad sites like Doubleclick.</p>
<p>To Torify other applications that support HTTP proxies, just
point them at Privoxy (that is, localhost port 8118). To use SOCKS
directly (for instant messaging, Jabber, IRC, etc), you can point
your application directly at Tor (localhost port 9050), but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">this
FAQ entry</a> for why this may be dangerous. For applications
that support neither SOCKS nor HTTP, take a look at <a
href="http://www.taiyo.co.jp/~gotoh/ssh/connect.html">connect</a> or
<a href="http://www.dest-unreach.org/socat/">socat</a>.</p>
<p>For information on how to Torify other applications, check out the
<a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">Torify
HOWTO</a>.
</p>
<hr />
<a id="verify"></a>
<h2><a class="anchor" href="#verify">Step Three: Make sure it's working</a></h2>
<br />
<p>
Next, you should try using your browser with Tor and make
sure that your IP address is being anonymized. Click on the <a
href="http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1">Tor
detector</a> and see whether it thinks you're using Tor or not.
(If that site is down, see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate">this
FAQ entry</a> for more suggestions on how to test your Tor.)
</p>
<p>If you have a personal firewall that limits your computer's
ability to connect to itself, be sure to allow connections from
your local applications to local port 8118 and port 9050. If
your firewall blocks outgoing connections, punch a hole so
it can connect to at least TCP ports 80 and 443, and then see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FirewalledClient">this
FAQ entry</a>.
</p>
<p>If it's still not working, look at <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">this
FAQ entry</a> for hints.</p>
<hr />
<a id="server"></a>
<h2><a class="anchor" href="#server">Step Four: Configure it as a server</a></h2>
<br />
<p>The Tor network relies on volunteers to donate bandwidth. The more
people who run servers, the faster the Tor network will be. If you have
at least 20 kilobytes/s each way, please help out Tor by configuring your
Tor to be a server too. We have many features that make Tor servers easy
and convenient, including rate limiting for bandwidth, exit policies so
you can limit your exposure to abuse complaints, and support for dynamic
IP addresses.</p>
<p>Having servers in many different places on the Internet is what
makes Tor users secure. <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerAnonymity">You
may also get stronger anonymity yourself</a>,
since remote sites can't know whether connections originated at your
computer or were relayed from others.</p>
<p>Read more at our <a href="<page tor-doc-server>">Configuring a server</a>
guide.</p>
<hr />
<a id="uninstall"></a>
<h2><a class="anchor" href="#uninstall">How To Uninstall Tor and Privoxy</a></h2>
<br />
<p>The Tor 0.1.0.x series does not come with an uninstaller; this feature
will be added in the 0.1.1.x series. If you want to remove Tor on OSX,
here's how:</p>
<p>Change your application proxy settings back to their original values.
If you just want to stop using Tor, you can end at this point.</p>
<p>To stop Tor and Privoxy from running on startup</b>, remove the
/Library/StartupItems/Tor and /Library/StartupItems/Privoxy directories
respectively. If you just want to stop Tor from running, you can end at this
point.</p>
<p>To erase all remaining Tor and Privoxy files from your computer, delete
the following:
<ul>
<li>/Library/Tor</li>
<li>/Library/Privoxy</li>
<li>/usr/bin/tor</li>
<li>/usr/bin/tor_resolve</li>
<li>/var/log/tor</li>
<li>/usr/share/man/man1/tor.1</li>
<li>/usr/share/man/man1/tor-resolve.1</li>
<li>/usr/share/man/man1/torify.1</li>
<li>/Library/Receipts/Privoxy.pkg/</li>
<li>/Library/Receipts/privoxyconf.pkg/</li>
<li>/Library/Receipts/Tor.pkg/</li>
<li>/Library/Receipts/torstartup.pkg/</li>
</ul>
</p>
<hr />
<p>If you have suggestions for improving this document, please post
them on <a href="http://bugs.noreply.org/tor">our bugtracker</a> in the
website category. Thanks!</p>
</div><!-- #main -->
</div>
#include <foot.wmi>
--- NEW FILE: tor-doc-server.wml ---
## translation metadata
# Revision: $Revision: 1.1 $
#include "head.wmi" TITLE="Tor Server Configuration Instructions"
<div class="center">
<div class="main-column">
<h1>Configuring a <a href="<page index>">Tor</a> server</h1>
<br />
<p>
The Tor network relies on volunteers to donate bandwidth. The more
people who run servers, the faster the Tor network will be. If you have
at least 20 kilobytes/s each way, please help out Tor by configuring your
Tor to be a server too. We have many features that make Tor servers easy
and convenient, including rate limiting for bandwidth, exit policies so
you can limit your exposure to abuse complaints, and support for dynamic
IP addresses.</p>
<p>Having servers in many different places on the Internet is what
makes Tor users secure. <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerAnonymity">You
may also get stronger anonymity yourself</a>,
since remote sites can't know whether connections originated at your
computer or were relayed from others.</p>
<p>Setting up a Tor server is easy and convenient:
<ul>
<li>Tor has built-in support for <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LimitBandwidth">rate
limiting</a>. Further, if you have a fast link
but want to limit the number of bytes per day
(or week or month) that you donate, check out the <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Hibernation">hibernation
feature</a>.
</li>
<li>Each Tor server has an <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RunAServerBut">exit
policy</a> that specifies what sort of outbound connections are allowed
or refused from that server. If you are uncomfortable allowing people
to exit from your server, you can set it up to only allow connections
to other Tor servers.
</li>
<li>It's fine if the server goes offline sometimes. The directories
notice this quickly and stop advertising the server. Just try to make
sure it's not too often, since connections using the server when it
disconnects will break.
</li>
<li>We can handle servers with dynamic IPs just fine, as long as the
server itself knows its IP. Have a look at this
<a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#DynamicIP">
entry in the FAQ</a>.
</li>
<li>If your server is behind a NAT and it doesn't know its public
IP (e.g. it has an IP of 192.168.x.y), you'll need to set up port
forwarding. Forwarding TCP connections is system dependent but <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerForFirewalledCli
ents">this FAQ entry</a> offers some examples on how to do this.
</li>
<li>Your server will passively estimate and advertise its recent
bandwidth capacity, so high-bandwidth servers will attract more users than
low-bandwidth ones. Therefore having low-bandwidth servers is useful too.
</li>
</ul>
<p>You can run a Tor server on
pretty much any operating system, but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerOS">this
FAQ entry</a> for advice about which ones work best and other problems
you might encounter.</p>
<hr />
<a id="zero"></a>
<h2><a class="anchor" href="#zero">Step Zero: Download and Install Tor</a></h2>
<br />
<p>Before you start, you need to make sure that Tor is up and running.
</p>
<p>For Windows users, this means at least <a
href="<page tor-doc-win32>#installing">step one</a>
of the Windows Tor installation howto. Mac OS X users need to do at least
<a href="<page tor-doc-osx>#installing">step one</a>
of OS X Tor installation howto. Linux/BSD/Unix users should do at least
<a href="<page tor-doc-unix>#installing">step one</a>
of the Unix Tor installation howto.
</p>
<p>If it's convenient, you might also want to use it as a client for a
while to make sure it's actually working.</p>
<hr />
<a id="one"></a>
<h2><a class="anchor" href="#one">Step One: Set it up as a server</a></h2>
<br />
<p>
1. Verify that your clock is set correctly. If possible, synchronize
your clock with public time servers.
</p>
<p>
2. Make sure name resolution works (that is, your computer can resolve addresses correctly).
</p>
<p>
3. Edit the bottom part of your torrc. (See <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#torrc">this
FAQ entry</a> for help.)
Make sure to define at least Nickname and ORPort. Create the DataDirectory
if necessary, and make sure it's owned by the user that will be running
tor. <em>If you want to run more than one server that's great, but
please set <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers">the
MyFamily option</a> in all your servers' configuration files.</em>
</p>
<p>
4. If you are using a firewall, open a hole in your firewall so
incoming connections can reach the ports you configured (ORPort, plus
DirPort if you enabled it). Make sure you allow all outgoing connections,
so your server can reach the other Tor servers.
</p>
<p>
5. Start your server: if you installed from source you can just
run <tt>tor</tt>, whereas packages typically launch Tor from their
initscripts or startup scripts. If it logs any warnings, address them. (By
default Tor logs to stdout, but some packages log to <tt>/var/log/tor/</tt>
instead. You can edit your torrc to configure log locations.)
</p>
<p>
6. Subscribe to the <a
href="http://archives.seul.org/or/announce/">or-announce</a>
mailing list. It is very low volume, and it will keep you informed
of new stable releases. You might also consider subscribing to <a
href="http://archives.seul.org/or/talk/">or-talk</a> (higher volume),
where new development releases are announced.
</p>
<p>
7. Have a look at the manual.
The <a href="<page tor-manual>">manual</a> for the
latest stable version provides detailed instructions for how to install
and use Tor, including configuration of client and server options.
If you are running the CVS version the manual is available
<a href="<page tor-manual-cvs>">here</a>.
</p>
<p>
8. Read
<a href="http://wiki.noreply.org/noreply/TheOnionRouter/OperationalSecurity">this document</a>
to get ideas how you can increase the security of your server.
<hr />
<a id="two"></a>
<h2><a class="anchor" href="#two">Step Two: Make sure it's working</a></h2>
<br />
<p>As soon as your server manages to connect to the network, it will
try to determine whether the ports you configured are reachable from
the outside. This may take up to 20 minutes. Look for a log entry like
<tt>Self-testing indicates your ORPort is reachable from the outside. Excellent.</tt>
If you don't see this message, it means that your server is not reachable
from the outside — you should re-check your firewalls, check that it's
testing the IP and port you think it should be testing, etc.
</p>
<p>When it decides that it's reachable, it will upload a "server
descriptor" to the directories. This will let clients know
what address, ports, keys, etc your server is using. You can <a
href="http://belegost.seul.org/">load the directory manually</a> and
look through it to find the nickname you configured, to make sure it's
there. You may need to wait a few seconds to give enough time for it to
make a fresh directory.</p>
<hr />
<a id="three"></a>
<h2><a class="anchor" href="#three">Step Three: Register your nickname</a></h2>
<br />
<p>
Once you are convinced it's working (after a day or two maybe), you should
register your server.
This reserves your nickname so nobody else can take it, and lets us
contact you if you need to upgrade or something goes wrong.
</p>
<p>
Send mail to <a
href="mailto:tor-ops at freehaven.net">tor-ops at freehaven.net</a> with a
subject of '[New Server] <your server's nickname>' and
include the following information in the message:
</p>
<ul>
<li>Your server's nickname</li>
<li>The fingerprint for your server's key (the contents of the
"fingerprint" file in your DataDirectory — on Windows, look in
\<i>username</i>\Application Data\tor\ or \Application Data\tor\;
on OS X, look in /Library/Tor/var/lib/tor/; and on Linux/BSD/Unix,
look in /var/lib/tor or ~/.tor)
</li>
<li>Who you are, so we know whom to contact if a problem arises</li>
<li>What kind of connectivity the new server will have</li>
</ul>
<hr />
<a id="four"></a>
<h2><a class="anchor" href="#four">Step Four: Once it's working</a></h2>
<br />
<p>
We recommend the following steps as well:
</p>
<p>
6. Decide what exit policy you want. By default your server allows
access to many popular services, but we restrict some (such as port 25)
due to abuse potential. You might want an exit policy that is
less restrictive or more restrictive; edit your torrc appropriately.
Read the FAQ entry on <a
href="<page faq-abuse>#TypicalAbuses">issues you might
encounter if you use the default exit policy</a>.
If you choose a particularly open exit policy, you should make
sure your ISP is ok with that choice.
</p>
<p>
7. Decide about rate limiting. Cable modem, DSL, and other users
who have asymmetric bandwidth (e.g. more down than up) should
rate limit to their slower bandwidth, to avoid congestion. See the <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LimitBandwidth">rate
limiting FAQ entry</a> for details.
</p>
<p>
8. If you control the name servers for your domain, consider setting
your hostname to 'anonymous' or 'proxy' or 'tor-proxy', so when other
people see the address in their web logs, they will more quickly
understand what's going on.
</p>
<p>
9. If your computer isn't running a webserver, please consider
changing your ORPort to 443 and your DirPort to 80. Many Tor
users are stuck behind firewalls that only let them browse the
web, and this change will let them reach your Tor server. Win32
servers can simply change their ORPort and DirPort directly
in their torrc and restart Tor. OS X or Unix servers can't bind
directly to these ports (since they don't run as root), so they will
need to set up some sort of <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#ServerForFirewalledClients">
port forwarding</a> so connections can reach their Tor server. If you are
using ports 80 and 443 already but still want to help out, other useful
ports are 22, 110, and 143.
</p>
<p>
10. If your Tor server provides other services on the same IP address
— such as a public webserver — make sure that connections to the
webserver are allowed from the local host too. You need to allow these
connections because Tor clients will detect that your Tor server is the <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers">safest
way to reach that webserver</a>, and always build a circuit that ends
at your server. If you don't want to allow the connections, you must
explicitly reject them in your exit policy.
</p>
<p>
11. (Unix only). Make a separate user to run the server. If you
installed the OS X package or the deb or the rpm, this is already
done. Otherwise, you can do it by hand. (The Tor server doesn't need to
be run as root, so it's good practice to not run it as root. Running
as a 'tor' user avoids issues with identd and other services that
detect user name. If you're the paranoid sort, feel free to <a
href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put Tor
into a chroot jail</a>.)
</p>
<p>
12. (Unix only.) Your operating system probably limits the number
of open file descriptors per process to 1024 (or even less). If you
plan to be running a fast exit node, this is probably not enough. On
Linux, you should add a line like "toruser hard nofile 8192" to your
/etc/security/limits.conf file (where toruser is the user that runs the
Tor process), and then restart Tor if it's installed as a package (or log
out and log back in if you run it yourself). If that doesn't work, see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FileDescriptors">this
FAQ entry</a> for other suggested ways to run "ulimit -n 8192" before
you launch Tor.
</p>
<p>
13. If you installed Tor via some package or installer, it probably starts
Tor for you automatically on boot. But if you installed from source,
you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
</p>
When you change your Tor configuration, be sure to restart Tor, and
remember to verify that your server still works correctly after the
change.
<hr />
<p>If you have suggestions for improving this document, please post
them on <a href="http://bugs.noreply.org/tor">our bugtracker</a> in the
website category. Thanks!</p>
</div><!-- #main -->
</div>
#include <foot.wmi>
--- NEW FILE: tor-doc-unix.wml ---
## translation metadata
# Revision: $Revision: 1.1 $
#include "head.wmi" TITLE="Tor Linux/BSD/Unix Install Instructions"
<div class="center">
<div class="main-column">
<h1>Running the <a href="<page index>">Tor</a> client on Linux/BSD/Unix</h1>
<br />
<p>
<b>Note that these are the installation instructions for running a Tor
client. If you want to relay traffic for others to help the network grow
(please do), read the <a
href="<page tor-doc-server>">Configuring a server</a> guide.</b>
</p>
<hr />
<a id="installing"></a>
<h2><a class="anchor" href="#installing">Step One: Download and Install Tor</a></h2>
<br />
<p>
The latest release of Tor can be found on the <a
href="<page download>">download</a> page. We have packages for Debian,
Red Hat, Gentoo, *BSD, etc there too.
</p>
<p>If you're building from source, first install <a
href="http://www.monkey.org/~provos/libevent/">libevent</a>, and
make sure you have openssl and zlib (including the -devel packages if
applicable). Then Run <tt>tar xzf tor-0.1.0.15.tar.gz;
cd tor-0.1.0.15</tt>. Then <tt>./configure && make</tt>. Now you
can run tor as <tt>src/or/tor</tt>, or you can run <tt>make install</tt>
(as root if necessary) to install it into /usr/local/, and then you can
start it just by running <tt>tor</tt>.
</p>
<p>Tor comes configured as a client by default. It uses a built-in
default configuration file, and most people won't need to change any of
the settings. Tor is now installed.
</p>
<hr />
<a id="privoxy"></a>
<h2><a class="anchor" href="#privoxy">Step Two: Install Privoxy for Web Browsing</a></h2>
<br />
<p>After installing Tor, you need to configure your applications to use it.
</p>
<p>
The first step is to set up web browsing. Start by installing <a
href="http://www.privoxy.org/">Privoxy</a>: click on 'recent releases'
and pick your favorite package or install from source. Privoxy is a
filtering web proxy that integrates well with Tor.
</p>
<p>You need to configure Privoxy to use Tor.
Open Privoxy's "config" file (look in /etc/privoxy/ or /usr/local/etc/)
and add the line <br>
<tt>forward-socks4a / localhost:9050 .</tt><br>
to the top of the config file. Don't forget to add the dot at the end.
</p>
<p>Privoxy keeps a log file of everything passed through it. In
order to stop this you will need to comment out two lines by inserting a
# before the line. The two lines are:<br>
<tt>logfile logfile</tt><br>
and the line <br>
<tt>jarfile jarfile</tt><br>
</p>
<p>You'll need to restart Privoxy for the changes to take effect.</p>
<hr />
<a id="using"></a>
<h2><a class="anchor" href="#using">Step Three: Configure your applications to use Tor</a></h2>
<br />
<p>After installing Tor and Privoxy, you need to configure your
applications to use them. The first step is to set up web browsing.</p>
<p>If you're using Firefox (we recommend it), check out our <a
href="<page tor-switchproxy>">Tor SwitchProxy howto</a> to set up
a plugin that makes it easy to switch between using Tor and using a
direct connection.</p>
<p>Otherwise, you need to manually configure your browser to HTTP proxy
at localhost port 8118.
(That's where Privoxy listens.)
In Mozilla, this is in Edit|Preferences|Advanced|Proxies.
In Opera 7.5x it's Tools|Preferences|Network|Proxy servers.
You should click the "use the same proxy server for all protocols"
button; but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy">this
note</a> about Tor and ftp proxies.
<p>Using privoxy is <strong>necessary</strong> because <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">browsers
leak your DNS requests when they use a SOCKS proxy directly</a>, which
is bad for your anonymity. Privoxy also removes certain dangerous
headers from your web requests, and blocks obnoxious ad sites like
Doubleclick.</p>
<p>To Torify other applications that support HTTP proxies, just
point them at Privoxy (that is, localhost port 8118). To use SOCKS
directly (for instant messaging, Jabber, IRC, etc), you can point
your application directly at Tor (localhost port 9050), but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">this
FAQ entry</a> for why this may be dangerous. For applications
that support neither SOCKS nor HTTP, take a look at <a
href="http://tsocks.sourceforge.net/">tsocks</a> or <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#socat">socat</a>.
</p>
<p>For information on how to Torify other applications, check out the
<a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">Torify
HOWTO</a>.
</p>
<hr />
<a id="verify"></a>
<h2><a class="anchor" href="#verify">Step Four: Make sure it's working</a></h2>
<br />
<p>
Next, you should try using your browser with Tor and make
sure that your IP address is being anonymized. Click on the <a
href="http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1">Tor
detector</a> and see whether it thinks you're using Tor or not.
(If that site is down, see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate">this
FAQ entry</a> for more suggestions on how to test your Tor.)
</p>
<p>If you have a personal firewall that limits your computer's
ability to connect to itself (this includes something like SELinux on
Fedora Core 4), be sure to allow connections from
your local applications to Privoxy (local port 8118) and Tor (local port
9050). If
your firewall blocks outgoing connections, punch a hole so
it can connect to at least TCP ports 80 and 443, and then see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FirewalledClient">this
FAQ entry</a>. If your SELinux config is not allowing tor or privoxy to
run correctly, create a file named booleans.local in the directory
/etc/selinux/targeted. Edit this file in your favorite text editor and
insert "allow_ypbind=1". Restart your machine for this change to take
effect.
</p>
<p>If it's still not working, look at <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">this
FAQ entry</a> for hints.</p>
<hr />
<a id="server"></a>
<h2><a class="anchor" href="#server">Step Five: Configure it as a server</a></h2>
<br />
<p>The Tor network relies on volunteers to donate bandwidth. The more
people who run servers, the faster the Tor network will be. If you have
at least 20 kilobytes/s each way, please help out Tor by configuring your
Tor to be a server too. We have many features that make Tor servers easy
and convenient, including rate limiting for bandwidth, exit policies so
you can limit your exposure to abuse complaints, and support for dynamic
IP addresses.</p>
<p>Having servers in many different places on the Internet is what
makes Tor users secure. <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerAnonymity">You
may also get stronger anonymity yourself</a>,
since remote sites can't know whether connections originated at your
computer or were relayed from others.</p>
<p>Read more at our <a href="<page tor-doc-server>">Configuring a server</a>
guide.</p>
<hr />
<p>If you have suggestions for improving this document, please post
them on <a href="http://bugs.noreply.org/tor">our bugtracker</a> in the
website category. Thanks!</p>
</div><!-- #main -->
</div>
#include <foot.wmi>
--- NEW FILE: tor-doc-win32.wml ---
## translation metadata
# Revision: $Revision: 1.1 $
#include "head.wmi" TITLE="Tor MS Windows Install Instructions"
<div class="center">
<div class="main-column">
<h1>Running the <a href="<page index>">Tor</a> client on MS Windows</h1>
<br />
<p>
<b>Note that these are the installation instructions for running a Tor
client on MS Windows (98, 98SE, NT4, 2000, XP, Server).
If you want to relay traffic for others to help the network grow (please
do), read the <a href="<page tor-doc-server>">Configuring a server</a>
guide.</b>
</p>
<hr />
<a id="installing"></a>
<h2><a class="anchor" href="#installing">Step One: Download and Install Tor</a></h2>
<br />
<p>
The install for MS Windows bundles <a href="<page index>">Tor</a>,
<a href="http://www.freehaven.net/~edmanm/torcp/">TorCP</a>
(a Tor controller that lets you monitor and control Tor), and <a
href="http://www.privoxy.org">Privoxy</a> (a filtering web proxy) into
one package, with the three applications pre-configured to work together.
<a href="<page download>">Download either the stable or
the experimental version from the download page</a>.
</p>
<p>
<b>If you want to configure yourself to be a Tor server via TorCP,
you will need the experimental version of the bundle.</b>
</p>
<p>If the bundles don't work for you, you can download Tor by itself
from the <a href="<page download>">download page</a>, and then <a
href="<page tor-doc-unix>#privoxy">install
and configure Privoxy on your own</a>.
</p>
<img alt="tor installer splash page"
src="http://tor.eff.org/img/screenshot-win32-installer-splash.png" />
<p>If you have previously installed Tor, TorCP, or Privoxy
you can deselect whichever components you do not need to install
in the dialog shown below.
</p>
<img alt="select components to install"
src="http://tor.eff.org/img/screenshot-win32-installer-components.png" />
<p>After you have completed the installer, the components
you selected will automatically be started for you.
</p>
<!--
<p>Tor comes configured as a client by default. It uses a built-in
default configuration file, and most people won't need to change any of
the settings. Tor is now installed.
</p>
-->
<hr />
<a id="using"></a>
<h2><a class="anchor" href="#using">Step Two: Configure your applications to use Tor</a></h2>
<br />
<p>After installing Tor and Privoxy, you need to configure your
applications to use them. The first step is to set up web browsing.</p>
<p>If you're using Firefox (we recommend it), check out our <a
href="<page tor-switchproxy>">Tor SwitchProxy howto</a> to set up
a plugin that makes it easy to switch between using Tor and using a
direct connection.</p>
<p>Otherwise, you need to manually configure your browser to HTTP proxy
at localhost port 8118.
(That's where Privoxy listens.)
In Mozilla, this is in Edit|Preferences|Advanced|Proxies.
In Opera 7.5x it's Tools|Preferences|Network|Proxy servers.
In IE, it's Tools|Internet Options|Connections|LAN Settings|Advanced.
You should click the "use the same proxy server for all protocols"
button; but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy">this
note</a> about Tor and ftp proxies.
In IE, this looks something like:</p>
<img alt="Proxy settings in IE"
src="http://tor.eff.org/img/screenshot-win32-ie-proxies.jpg" />
<p>Using Privoxy is <strong>necessary</strong> because <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">browsers
leak your DNS requests when they use a SOCKS proxy directly</a>, which
is bad for your anonymity. Privoxy also removes certain dangerous
headers from your web requests, and blocks obnoxious ad sites like
Doubleclick.</p>
<p>To Torify other applications that support HTTP proxies, just
point them at Privoxy (that is, localhost port 8118). To use SOCKS
directly (for instant messaging, Jabber, IRC, etc), you can point
your application directly at Tor (localhost port 9050), but see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">this
FAQ entry</a> for why this may be dangerous. For applications
that support neither SOCKS nor HTTP, take a look at <a
href="http://www.socks.permeo.com/Download/SocksCapDownload/index.asp">SocksCap</a> or
<a href="http://www.freecap.ru/eng/">FreeCap</a>.
(FreeCap is free software; SocksCap is proprietary.)</p>
<p>For information on how to Torify other applications, check out the
<a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">Torify
HOWTO</a>.
</p>
<hr />
<a id="verify"></a>
<h2><a class="anchor" href="#verify">Step Three: Make sure it's working</a></h2>
<br />
<p>
Check to see that Privoxy and TorCP are running and that TorCP has
successfully started Tor. Privoxy's icon is a green or blue circle with a "P"
in it, and TorCP uses a fat grey onion with a green checkmark in your
system notification area, as shown below:
</p>
<img alt="TorCP Tray Icon"
src="http://tor.eff.org/img/screenshot-win32-torcp.png">
<p>
Next, you should try using your browser with Tor and make
sure that your IP address is being anonymized. Click on the <a
href="http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1">Tor
detector</a> and see whether it thinks you're using Tor or not.
(If that site is down, see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate">this
FAQ entry</a> for more suggestions on how to test your Tor.)
</p>
<p>If you have a personal firewall that limits your computer's
ability to connect to itself, be sure to allow connections from
your local applications to local port 8118 and port 9050. If
your firewall blocks outgoing connections, punch a hole so
it can connect to at least TCP ports 80 and 443, and then see <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FirewalledClient">this
FAQ entry</a>.
</p>
<p>If it's still not working, look at <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork">this
FAQ entry</a> for hints.</p>
<hr />
<a id="server"></a>
<h2><a class="anchor" href="#server">Step Four: Configure it as a server</a></h2>
<br />
<p>The Tor network relies on volunteers to donate bandwidth. The more
people who run servers, the faster the Tor network will be. If you have
at least 20 kilobytes/s each way, please help out Tor by configuring your
Tor to be a server too. We have many features that make Tor servers easy
and convenient, including rate limiting for bandwidth, exit policies so
you can limit your exposure to abuse complaints, and support for dynamic
IP addresses.</p>
<p>Having servers in many different places on the Internet is what
makes Tor users secure. <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerAnonymity">You
may also get stronger anonymity yourself</a>,
since remote sites can't know whether connections originated at your
computer or were relayed from others.</p>
<p>Read more at our <a href="<page tor-doc-server>">Configuring a server</a>
guide.</p>
<hr />
<p>If you have suggestions for improving this document, please post
them on <a href="http://bugs.noreply.org/tor">our bugtracker</a> in the
website category. Thanks!</p>
</div><!-- #main -->
</div>
#include <foot.wmi>
--- NEW FILE: tor-switchproxy.wml ---
## translation metadata
# Revision: $Revision: 1.1 $
#include "head.wmi" TITLE="Tor SwitchProxy Install Instructions"
<div class="center">
<div class="main-column">
<h1>Installing SwitchProxy for <a href="<page index>">Tor</a></h1>
<hr />
<p>
SwitchProxy is a Firefox plugin that makes it easy for you to switch
between using a proxy and connecting to websites directly.</p>
<p>In this howto, you'll set up SwitchProxy to let you change
between using Tor and a direct connection. We assume you already
have Firefox installed and working.</p>
<p>The screenshots here are oriented towards Windows users, but
SwitchProxy works anywhere Firefox works. Hopefully everybody else can
follow along just fine.</p>
<hr />
<a id="zero"></a>
<h2><a class="anchor" href="#zero">Step Zero: Download and Install Tor and Privoxy</a></h2>
<br />
<p>Before you start, you need to make sure 1) Tor is up and running,
2) Privoxy is up and running, and 3) Privoxy is configured to point
to Tor.</p>
<p>Windows users need to do <a
href="<page tor-doc-win32>#installing">step one</a>
of the Windows Tor installation howto, and Mac OS X users need to do <a
href="<page tor-doc-osx>#installing">step one</a>
of OS X Tor installation howto, since our Win32 and OS X packages include
Privoxy and configure it already. Linux/BSD/Unix users should do <a
href="<page tor-doc-unix>#installing">step one</a>
and <a href="<page tor-doc-unix>#privoxy">step
two</a> of the Unix Tor installation howto.
</p>
<hr />
<a id="one"></a>
<h2><a class="anchor" href="#one">Step One: Download and Install SwitchProxy</a></h2>
<br />
<p>SwitchProxy is a Firefox plugin, so you need to go through
the process of installing a new plugin. First, go to the <a
href="https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=125">
SwitchProxy</a> web page. If you're using Firefox 1.5, you might need to
download SwitchProxy <a href="http://www.roundtwo.com/product/switchproxy">from
here</a> instead.
Turn on JavaScript for now and click "Install Now":</p>
<img alt="switchproxy web page"
src="http://tor.eff.org/img/screenshot-switchproxy-webpage.jpg" />
<p>It will pop up a window asking for permission to install the plugin.
Click on the "Install Now" button:
</p>
<img alt="firefox plugin warning"
src="http://tor.eff.org/img/screenshot-switchproxy-plugin-starting.jpg" />
<p>Once the installer is finished, you should close all of your Firefox
windows and restart Firefox.</p>
<img alt="firefox plugin finished"
src="http://tor.eff.org/img/screenshot-switchproxy-plugin-finished.jpg" />
<hr />
<a id="two"></a>
<h2><a class="anchor" href="#two">Step Two: Configure SwitchProxy</a></h2>
<br />
<p>When you restart Firefox, you'll notice there's a new toolbar
that lets you control your proxies. Now we're going to set up a proxy
configuration for Tor. Click on "Add" in the new Proxy toolbar:</p>
<img alt="new toolbar"
src="http://tor.eff.org/img/screenshot-switchproxy-toolbar.jpg" />
<p>It will ask you to select a proxy type. Choose
"Standard." (There's also an "anonymous" proxy type that
uses an ad hoc set of anonymous proxies out there. You
don't want this, because those other "anonymous" proxies <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ComparisonProxyAggregators">give
you much weaker security than Tor</a>.)
</p>
<img alt="standard proxy"
src="http://tor.eff.org/img/screenshot-switchproxy-proxytype.jpg" />
<p>Now it will show you the standard proxy config window for Firefox.
Give this configuration a proxy label of "tor". Then fill in "localhost"
and "8118" for all four entries, as shown here. (Even
though Privoxy doesn't support FTP and Gopher, <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy">you
should set them up anyway</a>.) Then click "OK":</p>
<img alt="proxy config"
src="http://tor.eff.org/img/screenshot-switchproxy-proxyconfig.jpg" />
<p>Now you've created the "tor" proxy label, but you're not using it yet.
Click on the pull-down list and select tor, as shown here:</p>
<img alt="switch to tor"
src="http://tor.eff.org/img/screenshot-switchproxy-switch.jpg" />
<p>Almost done. Click "Apply" to make your change take effect:</p>
<img alt="apply"
src="http://tor.eff.org/img/screenshot-switchproxy-apply.jpg" />
<p>Done! Firefox will reload your current page. In
this example screenshot, it reloaded the page and <a
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#GoogleLanguage">happened
to get a German exit node</a>:</p>
<img alt="german google"
src="http://tor.eff.org/img/screenshot-switchproxy-german.jpg" />
<hr />
<a id="three"></a>
<h2><a class="anchor" href="#three">Step Step Three: Check if it works</a></h2>
<br />
<p>Now Firefox is using Privoxy as an HTTP proxy, Privoxy is using Tor as
a socks4a proxy, and Tor is making your connections to the Internet.</p>
<p>In the above example, it was clear that it worked because the web
page showed up in a different language. In other cases, though,
you'll want to verify that your setup is working. Do
<a href="<page tor-doc-win32>#verify">step three</a>
of the Windows Tor installation howto, or
<a href="<page tor-doc-osx>#verify">step three</a>
of the OS X Tor installation howto.</p>
<p>You should be aware of one anonymity gotcha: when you switch from
using Tor to a direct connection (or vice versa), by default the page
that's currently active will be reloaded through the new proxy setting.
So make sure you're on a page that isn't sensitive, before switching.
(You can also change this behavior in SwitchProxy's "Options |
Preferences" menu.)</p>
<hr />
<p>If you have suggestions for improving this document, please <a
href="/contact">send them to us</a>. Thanks!</p>
</div><!-- #main -->
</div>
#include <foot.wmi>
More information about the tor-commits
mailing list