Re: Freenode's (irc) Tor Catch 22? Two hidden services = zero?
[...]

I found this problem too, but as far as I understand, the registration of accounts with gpg needs to be done "by hand" by the operators, so we need to wait one or two weeks. I am also waiting.

--
Bye
leandro
Re: Hidden service usage
Karsten Loesing wrote:

[...]

> So, these options won't help you. You shouldn't enable them, or your Tor
> will behave funny.

Well, so I understood right! ;-)

> Can you instead learn the number of connections to your hidden service
> from your webserver (or whatever kind of server that is)? Your local Tor
> opens a new connection for every incoming request to your hidden
> service. Maybe you can count those connections?

Yes, I could get some information like this "indirectly" by using grep on the log files, but I would like to have something from the tor server as well.

--
Bye
leandro
Hidden service usage
Hi all,

I would like to monitor the usage (the number of connections or something similar) of a hidden service I have. In the man page (0.2.2.1-alpha-1 version) I found these directives:

AuthoritativeDirectory 0|1
    When this option is set to 1, Tor operates as an authoritative directory server. Instead of caching the directory, it generates its own list of good servers, signs it, and sends that to the clients. Unless the clients already have you listed as a trusted directory, you probably do not want to set this option. Please coordinate with the other admins at tor-...@freehaven.net if you think you should be a directory.

HSAuthoritativeDir 0|1
    When this option is set in addition to AuthoritativeDirectory, Tor also accepts and serves hidden service descriptors. (Default: 0)

HSAuthorityRecordStats 0|1
    When this option is set in addition to HSAuthoritativeDir, Tor periodically (every 15 minutes) writes statistics about hidden service usage to a file hsusage in its data directory. (Default: 0)

DataDirectory/hsusage
    Used to track hidden service usage in terms of fetch and publish requests to this hidden service authoritative directory. Only used when recording of statistics is enabled.

As far as I understand, I need to enable all of them to get something, right? Isn't the first option only for directory servers? And also, what kind of information will I get?

--
Bye
leandro
New mirror for torproject
Hi all,

As of today, 17 August 2009, a new mirror of the http://www.torproject.org site is active, reachable at the address http://torproject.cybervalley.org. The mirror is updated every four hours.

P.S.: do you know if it will be possible to have an SSL certificate signed the same way as the main site's?

--
Bye
leandro
I don't want to know everything, I want to understand everything
Two different hidden services on the same tor client
Hi all,

I have a tor client running 24h and I would like to serve two different hidden services via http on it. So I run two different web servers, one on port 8183 and another on port 8184, and I wrote these lines in my torrc:

    HiddenServiceDir /var/lib/tor/server-1/
    HiddenServicePort 80 127.0.0.1:8183
    HiddenServiceDir /var/lib/tor/server-2/
    HiddenServicePort 81 127.0.0.1:8184

and if I try to connect to these hidden services, they work.

Now comes the question: is it possible to run the two hidden services on port 80 together? If I change the above lines to

    HiddenServiceDir /var/lib/tor/server-1/
    HiddenServicePort 80 127.0.0.1:8183
    HiddenServiceDir /var/lib/tor/server-2/
    HiddenServicePort 80 127.0.0.1:8184
                      ^^

I could not reach the second service. Is this correct?

--
Bye
leandro
to write to me, remove MANISUDICIE from the address below
Re: tor-mirrors (mirrors of the Tor Project website)
jon wrote:

[...]

> > I would like to setup a mirror for tor website but I need to know how
> > much disk space needs.
> >
> > [...]
> >
>
> Should be 15 GB for the website and dist, and 4 GB for just the dist.

Uhmmm, OK, I do not have that much free space for everything, but possibly only for dist: is this kind of mirror really useful? And how much space will be needed in the future? Is dist growing, or does it stay more or less the same?

--
Bye
leandro
I don't want to know everything, I want to understand everything
Re: tor-mirrors (mirrors of the Tor Project website)
jon wrote:

> Just a couple of notes, since some Tor Project website mirror
> operators may be subscribed to this list:

I would like to set up a mirror for the tor website, but I need to know how much disk space it needs.

[...]

--
Bye
leandro
I don't want to know everything, I want to understand everything
Re: Iptables configuration for a transparent proxy for a single user
leandro noferini wrote:

[...]

> Ok, now ipfilter does not complain but I cannot connect anymore.
>
> :-(
>
> I will investigate more.

I applied these rules for iptables (in this order):

    iptables -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
    iptables -A OUTPUT -m owner --uid-owner anonymous -j DROP

which gave this firewall.rules (saved with iptables-save):

    # Generated by iptables-save v1.4.3.2 on Thu May 14 22:38:12 2009
    *filter
    :INPUT ACCEPT [16071:6425763]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [15031:2354190]
    -A OUTPUT -m owner --uid-owner anonymous -j DROP
    COMMIT
    # Completed on Thu May 14 22:38:12 2009
    # Generated by iptables-save v1.4.3.2 on Thu May 14 22:38:12 2009
    *nat
    :PREROUTING ACCEPT [350:71565]
    :POSTROUTING ACCEPT [264:19517]
    :OUTPUT ACCEPT [264:19517]
    -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
    -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
    COMMIT
    # Completed on Thu May 14 22:38:12 2009

But now the user cannot connect anywhere, and if I try to see what the configuration for iptables is, I get this:

    minchioncino:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere            owner UID match anonymous

I think this is not correct because all traffic coming from the user is dropped, right?

--
Bye
leandro
I don't want to know everything, I want to understand everything
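Added example, not part of the original posts: a shell check over the rule lines of the iptables-save dump above that reports REDIRECT targets in nat OUTPUT which the same user's filter OUTPUT DROP rule then discards (locally generated packets pass nat OUTPUT first, then filter OUTPUT). `SAMPLE_FIXED` and the `audit_rules` helper are assumptions made for illustration; the fix places ACCEPT rules for the redirect ports ahead of the DROP.

```shell
# Rule lines of the dump posted above (counters and comments removed).
SAMPLE_BROKEN='*filter
-A OUTPUT -m owner --uid-owner anonymous -j DROP
COMMIT
*nat
-A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT'
# Constructed fix (assumption): accept the redirected traffic before the DROP.
SAMPLE_FIXED='*nat
-A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
*filter
-A OUTPUT -d 127.0.0.1/32 -p tcp -m owner --uid-owner anonymous -m tcp --dport 9040 -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j ACCEPT
-A OUTPUT -m owner --uid-owner anonymous -j DROP
COMMIT'

# audit_rules USER < dump : prints each redirect target the user's DROP
# still blocks and returns 1 if there is any, 0 otherwise.
audit_rules() {
    awk -v user="$1" '
    /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        proto = uid = target = dport = toport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--uid-owner") uid = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-ports") toport = $(i + 1)
        }
        if (uid != user) next
        if (table == "nat" && target == "REDIRECT") redirected[proto "/" toport] = 1
        # Only ACCEPT rules that appear before the catch-all DROP count.
        if (table == "filter" && target == "ACCEPT" && !dropped) accepted[proto "/" dport] = 1
        if (table == "filter" && target == "DROP" && proto == "") dropped = 1
    }
    END {
        bad = 0
        for (k in redirected)
            if (dropped && !(k in accepted)) { print "blocked: " k; bad = 1 }
        exit bad
    }'
}

printf '%s\n' "$SAMPLE_BROKEN" | audit_rules anonymous || echo "posted rule set: redirected traffic is dropped"
printf '%s\n' "$SAMPLE_FIXED" | audit_rules anonymous && echo "fixed rule set: ok"
```

On a live system the same function can read `iptables-save` output directly, for example `iptables-save | audit_rules anonymous`.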
Re: Iptables configuration for a transparent proxy for a single user
John Brooks wrote:

> Removing '-t nat' from the last rule should do what you need. Only the
> first two really need to be in the NAT table (because they are
> modifying the traffic, not filtering it).

[...]

> > iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp
> > --syn -j REDIRECT --to-ports 9040
> > iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp
> > --dport 53 -j REDIRECT --to-ports 53
> > iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP

[...]

Ok, now ipfilter does not complain but I cannot connect anymore.

:-(

I will investigate more.

--
Bye
leandro
I don't want to know everything, I want to understand everything
Iptables configuration for a transparent proxy for a single user
Hi all,

the tor wiki, at the address http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy#head-235f10e71909d609c46847c9f91efe8ed5168004, explains the way to apply a transparent proxy for a specific user. The rules for iptables are:

    iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
    iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP

On my debian unstable linux (kernel 2.6.29 and iptables 1.4.3.2-2 from the package) these rules don't work anymore, and this is the message from iptables:

    The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.

Does anyone know the changes needed to make it work again?

--
Bye
leandro
I don't want to know everything, I want to understand everything
Re: Excluding some networks
Marco Bonetti wrote:

> > I use the trasparent proxy through tor to connect for a user but I would
> > like to exclude some networks (vpn with a 192.168.X.X address): I could
> > do?
> Tor should already ignore the "local" net address like yours by default,
> unless you explicity set ExitPolicyRejectPrivate to 0.

Yes, this is true. I have a problem connecting, but this is not due to tor, I think.

[...]

--
Bye
leandro
I don't want to know everything, I want to understand everything
Excluding some networks
Hi all,

I use the transparent proxy through tor to connect for a user, but I would like to exclude some networks (vpn with a 192.168.X.X address): could I do that?

--
Bye
leandro
I don't want to know everything, I want to understand everything
Changes needed for new version of iptables
Hi all,

I am using the method explained at http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy to have a transparent proxy for a specific user on a debian/i386 unstable. I use these rules for iptables:

    iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anoymous -m tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anoymous -m udp --dport 53 -j REDIRECT --to-ports 53
    iptables -t nat -A OUTPUT -m owner --uid-owner anoymous -j DROP

But some days ago a new version of iptables (1.4.2-2) arrived in the distribution, and I am getting this error message:

    The "nat" table is not intended for filtering, hence the use of DROP is deprecated and will permanently be disabled in the next iptables release. Please adjust your scripts.

How could I change the above script for the new iptables version?

--
Bye
leandro
Widespread and "normal" use of cryptography is the strongest way to assert the right to privacy in electronic communications: like all rights, and like muscles, if it is not exercised constantly it atrophies and is lost.
Error "Making tunnel to dirserver failed"
Hi all,

I found this error in syslog:

    Nov 13 08:38:23 nemo Tor[2370]: Requested exit point '$847B1F850344D7876491A54892F845934E4EB85D' is not known. Closing.
    Nov 13 08:38:23 nemo Tor[2370]: Making tunnel to dirserver failed.

What does it mean?

--
Bye
leandro
Widespread and "normal" use of cryptography is the strongest way to assert the right to privacy in electronic communications: like all rights, and like muscles, if it is not exercised constantly it atrophies and is lost.
Re: is tor an email mixmaster?
M. Peterson wrote:

> Hi
>
> want to know, if tor is as well an email mixmaster,

I wrote a small document about the use of some email programs for the unix shell (mutt, msmtp and fetchmail) and socat to chain these with tor to send and receive anonymous emails.

The work is quite done, but I found the entire process too complicated, so I began to think that the transparent proxy approach would be better.

[...]

--
Bye
leandro
Widespread and "normal" use of cryptography is the strongest way to assert the right to privacy in electronic communications: like all rights, and like muscles, if it is not exercised constantly it atrophies and is lost.
Found a bug in documentation on the site?
Hi all,

I was making some experiments with fetchmail + tor and I found a strange behaviour: at the address https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/EMail there is this example:

    set no spambounce
    set no bouncemail
    poll provider
        plugin "socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050"
        protocol imap
        user user with password password, ssl
        mda "/usr/bin/procmail -d userlocal"

but sniffing the traffic I see a dns query for the address of provider _at the beginning_ of the session: it looks like fetchmail does these queries at the beginning of the session without any help from socat, and only then calls socat to download the messages, actually (?) late.

I think this behaviour must at least be indicated on that page.

--
Bye
leandro
Widespread and "normal" use of cryptography is the strongest way to assert the right to privacy in electronic communications: like all rights, and like muscles, if it is not exercised constantly it atrophies and is lost.
Rotate log problem
Hi all,

I ran into trouble rotating the logs for the tor server tortuga: the logs are rotated using the program savelog in a cron job (on GNU/Linux). When the job ends I find the logs empty, and I need to restart the server to have something in the logs.

Is there another way to resolve this?

--
Bye
leandro
Tortuga operator