109 lines
3.0 KiB
Plaintext
109 lines
3.0 KiB
Plaintext
{{beinhaltet Abweichungen von der Realität}}
|
|
|
|
[[Server/freebert]] is gone!
|
|
|
|
== Hardware ==
|
|
Virtualisiert durch [[Server/freebert/FreeBSD]]
|
|
|
|
== Software ==
|
|
|
|
* FreeBSD Jail
|
|
* tor
|
|
|
|
== Verwendungszweck ==
|
|
|
|
* tor Proxy
|
|
* (.onion Adressauflösung mit Firefox (socks_remote_dns) durch (http://watchbert.hq.c3d2.de/proxy.pac)
|
|
|
|
== Tor.onion mit Firefox ==
|
|
|
|
Configure Firefox to tunnel DNS queries via a SOCKS5 proxy
|
|
|
|
The last step is to tell Firefox that it should tunnel the DNS lookups via the Tor '''SOCKS5''' proxy when we want to access a .onion domain. By default firefox will try to resolve .onion domains using our local DNS resolver, therefore it will fail to do that.
|
|
To fix this, we should enable '''network.proxy.socks_remote_dns''' on the advanced configuration page:
|
|
In the browser location bar (the place where you type web addresses), type '''about:config''' and press Enter. This opens a different set of Firefox preferences. Where it says Search: at the top, type '''network.proxy.socks'''. The list of preferences will automatically change to show your proxy preferences.
|
|
Highlight '''network.proxy.socks_remote_dns''' by clicking it only once. Then, right-click it. This opens a small pull-down menu. Select Toggle from the menu to change its value to true.
|
|
|
|
This will make Firefox to tunnel all the queries to .onion domains via our local Tor daemon. This also adds privacy by preventing DNS queries to .onion domains from leaking.
|
|
|
|
Now restart Firefox and you should be able to surf .onion domains directly.
|
|
|
|
Quelle: http://blog.neutrino.es/2013/how-to-connect-to-onion-tor-domains-with-standard-firefox-on-linux/
|
|
|
|
== todo: proxy for own onion service ==
|
|
|
|
* ersetzen von inhalten die über das clearweb geladen werden
|
|
* z.B. bekannte Links auf über .onion erreichbare websites (rewrite-regeln)
|
|
|
|
=== bekannte noch zu ersetzende Links ===
|
|
|
|
im HTML
|
|
|
|
* http://www.hq.c3d2.de/
|
|
* http://c3d2.de
|
|
* https://wiki.c3d2.de/
|
|
* http://media.c3d2.de
|
|
* //c3d2.de/ (links in stylesheets)
|
|
|
|
=== bekannte Links durch Proxy ===
|
|
|
|
Inhalte bestimmt durch (externe) Services
|
|
|
|
* /spaceapi.json
|
|
* /status.png
|
|
|
|
=== bekannte Websites mit .onion ===
|
|
|
|
die bei Links ersetzt werden könnten
|
|
|
|
{|
|
|
! CW-Domain !! .onion
|
|
|-
|
|
| https://blockchain.info/
|
|
| https://blockchainbdgpzk.onion/
|
|
|-
|
|
| https://facebook.com/
|
|
| https://www.facebookcorewwwi.onion/
|
|
|-
|
|
| http://thepiratebay.se/
|
|
| http://uj3wazyk5u4hnvtk.onion/
|
|
|-
|
|
| https://duckduckgo.com/
|
|
| http://3g2upl4pq6kufc4m.onion/
|
|
|}
|
|
|
|
== Jail: Tor Installation ==
|
|
|
|
<source lang=bash>
|
|
cd /usr/ports/security/tor/ && make install clean
|
|
|
|
vi /etc/rc.conf
|
|
|
|
tor_enable="YES"
|
|
|
|
vi /usr/local/etc/tor/torrc
|
|
|
|
### ### ### C3D2 ### ### ###
|
|
#
|
|
SocksPort 9050
|
|
#ControlPort 9051
|
|
SocksBindAddress 127.0.0.1
|
|
SocksBindAddress 172.22.99.75
|
|
SocksPolicy accept 172.22.99.0/24
|
|
SocksPolicy reject *
|
|
OutboundBindAddress 172.22.99.75
|
|
|
|
RunAsDaemon 1
|
|
AllowUnverifiedNodes middle,rendezvous
|
|
AutomapHostsOnResolve 1
|
|
#
|
|
### ### ### C3D2 ### ### ###
|
|
|
|
service tor start
|
|
</source>
|
|
|
|
== Log ==
|
|
* 05.06.2014 - Setup
|
|
|
|
[[Kategorie:Infrastruktur]]
|