In http://tor.eff.org/docs/tor-doc-server.html.en it says,
14. If your Tor server provides other services on the same IP address--such as a public webserver--make sure that connections to the webserver ae allowed from the local host, too. You need to allow these connections because Tor clients will detect that your Tor server is the safest way to reach that webserver, and always build a circuit that ends at your server. If you don't want to allow the connections, you must explicitly reject them in your exit policy. I have a few questions about the above text. a) Who translates the destination address to 127.0.0.1? Is it the tor client? Or is it the exit server? b) If I have "ExitPolicyRejectPrivate 1" in my torrc, does that prevent such end-to-end encryption? If not, then does an "ExitPolicy reject *:*" at the end of my exit policy list count as "explicitly rejecting" such connections? c) If "TunnelDirConns 1" tries to build one-hop circuits to directory servers, does "TunnelDirConns 0" result in direct, unencrypted links to directory servers? Or does it result in the normal, three-hop link encrypted as far as the exit server, then unencrypted to the directory server? Or does it result in an end-to-end-encrypted link to the directory server? Do I need to have something like "ExitPolicy accept 127.0.0.1:[dirport]" ahead of the "ExitPolicyRejectPrivate 1" in my torrc to allow it? d) If normal connections to directory servers are unencrypted at any point along the way, what is the procedure to get them to be encrypted from end to end? For obvious reasons, tor should not be getting directory information over a connection that is not encrypted from end to end, even if everyone knows exactly what the content of the directory information happens to be at any given moment. I'm trying to figure out the best way to make sure my tor only uses end-to-end-encrypted connections, preferably going through a multi-hop tor circuit. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************