tor privoxy squid

gabrix gabrix at gabrix.ath.cx
Mon Nov 20 04:32:03 UTC 2006


coderman wrote:

> On 11/18/06, gabrix <gabrix at gabrix.ath.cx> wrote:
>
>> [my transparent squid proxy isn't working]
>
>
> try the following:
>
> squid: make sure these elements are in your squid.conf
> ---cut---
> httpd_accel_port 3128
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cache_peer      localhost       parent  8118    7       no-query default
> header_access Via deny all
> header_access From deny all
> forwarded_for off
> --end-cut---
>
> privoxy: note that the cache_peer in squid config refers to SOCKS
> proxy in privoxy config.
> ---cut---
> listen-address  127.0.0.1:8118
> forward-socks4a         /       127.0.0.1:9050  .
> --end-cut---
>
> tor: note that 9050 is the SOCKS proxy port for Tor.
>
> iptables:
> INTIF=eth1 # internal network interface
> EXTIF=eth0 # external default route / public interface
> ---cut---
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to 3128
> ---end-cut---
>
> note that you'll want additional firewall / filter rules, and also
> that DNS leaks may be present.  you will have to transparently proxy
> DNS via dns-proxy-tor or equivalent to avoid this, and the following
> filter rules can be used for transparent DNS proxy:
> ---cut---
> $IPTABLES -t nat -A PREROUTING -i $INTIF -p udp --dport 53 -j REDIRECT --to 65533
> --end-cut--
> where 65533 is where dns-proxy-tor is listening.
>
Uahu! I already had this, but I love collaboration, and thanks! Contact me
on Skype at gabx666 or visit the website I'm building at
http://tor.gabrix.ath.cx ; please keep in touch, ok?
What I'm trying to do is:
I have tor+privoxy on each LAN machine behind the gateway. Now I want
LAN HTTP requests to first go locally "torbuttoned" and then, before
going out to the internet, be proxied again by the gateway
squid-tor-privoxy ... am I crazy? It's fun!
I have these iptables rules:

> TOR=9001,9030,9031,9050,9090,9091
> SQUID_PORT=3128

> #$IPT -t nat -I PREROUTING -i $IF1 -p tcp -s 192.168.1.0/24 -m owner --uid-owner debian-tor --dport 80 -j DNAT --to 192.16$
> $IPT -t nat -I PREROUTING -i $IF1 -p tcp -s 192.168.1.0/24 -m multiport --dports $TOR -j REDIRECT --to $SQUID_PORT


Once HTTP requests leave my LAN machines, they don't go to port 80
but to a Tor SOCKS port, so I was trying to get them to go through my
squid gateway port one way ( --uid-owner ) or the other.
GGG!
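
Added example, not part of the original message or of coderman's reply: a small consistency check for the squid -> privoxy -> Tor chain and the DNS redirect discussed above. The function name `audit_chain` and the sample inputs are constructed for illustration; the ports and directives are the ones quoted in the thread.

```python
import re

# Constructed sample inputs modelled on the snippets quoted in the message
# (eth1 stands in for $INTIF). The DNS redirect rule is deliberately absent.
SQUID_CONF = """httpd_accel_port 3128
cache_peer localhost parent 8118 7 no-query default
forwarded_for off
"""
PRIVOXY_CONF = """listen-address  127.0.0.1:8118
forward-socks4a  /  127.0.0.1:9050  .
"""
IPTABLES_RULES = """-t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to 3128
"""

REDIRECT_RE = re.compile(
    r"-p\s+(tcp|udp)\b.*--dport\s+(\d+)\s+-j\s+REDIRECT\s+--to(?:-ports)?\s+(\d+)")

def audit_chain(squid, privoxy, rules, tor_socks=9050):
    """Return a list of findings; an empty list means the chain is consistent."""
    findings = []
    accel = re.search(r"^httpd_accel_port\s+(\d+)", squid, re.M)
    peer = re.search(r"^cache_peer\s+\S+\s+parent\s+(\d+)", squid, re.M)
    listen = re.search(r"^listen-address\s+\S*:(\d+)", privoxy, re.M)
    fwd = re.search(r"^(forward-socks\w+)\s+/\s+\S+:(\d+)", privoxy, re.M)
    # Hop 1: squid's parent peer must be the port privoxy listens on.
    if not (peer and listen and peer.group(1) == listen.group(1)):
        findings.append("squid cache_peer does not point at privoxy listen-address")
    # Hop 2: privoxy must hand everything to Tor's SOCKS port.
    if not fwd or int(fwd.group(2)) != tor_socks:
        findings.append("privoxy does not forward / to the Tor SOCKS port")
    elif fwd.group(1) == "forward-socks4":
        # Plain SOCKS4 makes privoxy resolve names itself, outside Tor.
        findings.append("forward-socks4 resolves hostnames locally (DNS leak)")
    if not re.search(r"^forwarded_for\s+off", squid, re.M):
        findings.append("squid forwarded_for is not off (client IP in X-Forwarded-For)")
    # Firewall: web traffic must reach squid, and client DNS must be redirected.
    redirects = REDIRECT_RE.findall(rules)
    if not accel or ("tcp", "80", accel.group(1)) not in redirects:
        findings.append("no REDIRECT of tcp/80 to the squid port")
    if not any(proto == "udp" and dport == "53" for proto, dport, _ in redirects):
        findings.append("udp/53 is not redirected (DNS leak)")
    return findings

if __name__ == "__main__":
    for finding in audit_chain(SQUID_CONF, PRIVOXY_CONF, IPTABLES_RULES):
        print("WARN:", finding)
```
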


