Thanks for the clarification. It's much easier to understand now. Comrade Ringo Kamens
On 10/26/07, Nick 'Zaf' Clifford <[EMAIL PROTECTED]> wrote: > Nick 'Zaf' Clifford wrote: > > Hey ya, > > > > Just noticed one small problem with Tor + Firefox + IPv6. > > I'm aware that Tor doesn't yet support IPv6, but I found an interesting > > development with respect to a system that has IPv6 configured and working. > > > > > Embarrassing confession time: > When I first noticed this "bug", I didn't realize I'd set a proxy bypass > for .nrc.co.nz (my local domain) a long time ago when doing other proxy > testing. This meant when I went to a .nrc.co.nz address, it did so > directly, bypassing any proxy. > > When I eventually started playing with Tor, I had forgotten about that > setting (and use TorButton so never even looked at the proxy settings of > Firefox). > The end result was that I went to a local system, it bypassed Tor (as > I'd asked it to do). > > All of my systems here have IPv6 (and some of them don't have IPv4), so > when I saw that I was able to connect to my internal network systems, > supposedly via tor (having forgotten that I'd set that proxy bypass ages > ago), I became suspicious, and looked at the system logs, saw my own > IPv6 address, and went "Ah ha!". That lead to the above bug report. > > The questions you have all raised in response to my report (with > reference to it being network.dns.IPv6, and asking if it still disabled > numerical addresses), prompted me to do further testing, where I found > conflicting results, that lead me to notice the .nrc.co.nz proxy bypass. > > So, after doing more testing, the results are: > If you set up Firefox to use Privoxy and Tor, All requests go to Privoxy > (this is obvious if you think about it, because otherwise Firefox would > have to do DNS lookups on hostnames to notice they are IPv6, which would > be a big huge leak). > Privoxy takes the hostname, and does an IPv4 lookup (eg it doesn't > support v6), so feeds the request through Tor as expected and desired. > To round out the testing, and provide answers to all: > If you give privoxy an IPv6 numerical address, eg: > http://[2002:xxxxx:1]/, privoxy fails to recognise the address at all as > being an IPv6 address, and therefore fails gracefully: > Your request for http://[2002:xxxx:1]/ could not be fulfilled, because > the domain name *[2002* could not be resolved. > > This is fine, and therefore I respectfully withdraw by bug report, and > apologize to the Firefox developers, as I commented that it was probably > a bug in Firefox. > > I'd also like to thank all of you on the mailing list who immediately > recognized what this may have been (had it been accurate) and > acknowledged my find and started fixing your own systems. > > So to everyone, stand down, not a bug, the problem was a PEBKAC (Problem > Exists Between Keyboard And Chair) > Thanks, > Nick Clifford > >