[opensuse] How to enable Tor in firewall for tor relaying?
I use OpenSuse 11.3
Tor works perfect as client.
Tor works perfect for relaying if firewall is down. If it's on, Vidalia cannot find UPnP devices (It can, when firewall is disabled).
I tried to go Yast - Firewall - Allowed Services - Advanced - TCP and entered 3 ports: 9001 9030 9050
Restarted firewall with no result. Maybe I'm wrong when trying to open a port in such a way? Please, give an advice.
Thanks a lot.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 16/08/10 02:22, arygroup@gmail.com wrote:
> I use OpenSuse 11.3
> Tor works perfect as client.
> Tor works perfect for relaying if firewall is down. If it's on, Vidalia cannot find UPnP devices (It can, when firewall is disabled).
> I tried to go Yast - Firewall - Allowed Services - Advanced - TCP and entered 3 ports: 9001 9030 9050
> Restarted firewall with no result. Maybe I'm wrong when trying to open a port in such a way? Please, give an advice.
> Thanks a lot.
Somebody, tell me something!
perhaps you should check the rules by hand with iptables -L
and possibly try iptables -I INPUT -p tcp --dport (port number) -j ALLOW (do one for each of the ports you're expecting).
are you sure TOR only uses those 3? and are you sure it's all TCP?
I suspect those 3 are just base ports and it negotiates some higher numbered ports; perhaps those are being blocked... and I can't recall the config parameters for handling such things in iptables right now.
-- Even the Magic 8 ball has an opinion on email clients: Outlook not so good.
On 17/08/10 23:46, zGreenfelder wrote:
> perhaps you should check the rules by hand with iptables -L
> and possibly try iptables -I INPUT -p tcp --dport (port number) -j ALLOW (do one for each of the ports you're expecting).
Hmm... What should I do?
================
# iptables -I INPUT -p tcp --dport 9030 -j ALLOW
iptables v1.4.8: Couldn't load target `ALLOW':/usr/lib/xtables/libipt_ALLOW.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
================
There is no such file. I removed and installed iptables with no result.
> are you sure TOR only uses those 3? and are you sure it's all TCP?
I'm not. But the documentation is not clear as for me. It says:
"If you are using a firewall, open a hole in your firewall so incoming connections can reach the ports you configured (ORPort, plus DirPort if you enabled it). If you have a hardware firewall (Linksys box, cablemodem, etc) you might like portforward.com. Also, make sure you allow all outgoing connections too, so your relay can reach the other Tor relays."
The ORPort is 9001
The DirPort is 9030
9050 is one another, I found in configs and tried to open it just in case.
Now I think I have 2 problems:
1. That missing file above
2. The documentation says "make sure you allow all outgoing connections too". I'm not sure what connections Yast Firewall should open - all, outgoing or ingoing.
> I suspect those 3 are just base ports and it negotiates some higher numbered ports; perhaps those are being blocked... and I can't recall the config parameters for handling such things in iptables right now.
On 17/08/10 23:46, zGreenfelder wrote:
zGreenfelder, I apologize. The problem is not with the ports and TOR. It works ok. There is another not critical problem on other ports - vidalia (tor's gui) cannot find my DSL's modem UPnP devices with firewall on. But it's not needed. So the thread can be considered closed on this part.
But what is the problem with the missing ALLOW file? Can you help on this? I'm googling now, but I can't find anything useful.
Thanks.
On 2010-08-17 21:27, arygroup@ wrote:
> On 16/08/10 02:22, arygroup@ wrote:
> Somebody, tell me something!
Sorry, I have no idea what TOR is.
-- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
On 18/08/10 02:02, Carlos E. R. wrote:
> On 2010-08-17 21:27, arygroup@ wrote:
>> On 16/08/10 02:22, arygroup@ wrote:
>> Somebody, tell me something!
> Sorry, I have no idea what TOR is.
http://www.torproject.org/
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
On Tuesday 17 August 2010 18:04:49 arygroup@gmail.com wrote:
> Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
On a first look great idea, but how tor prevents misuse for malicious purpose? Organizations and individuals can be good people, but also far from that.
I don't think that tor can ensure content control and privacy at the same time :)
-- Regards, Rajko
On 18/08/10 03:09, Rajko M. wrote:
> On Tuesday 17 August 2010 18:04:49 arygroup@gmail.com wrote:
>> Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
> On a first look great idea, but how tor prevents misuse for malicious purpose? Organizations and individuals can be good people, but also far from that.
> I don't think that tor can ensure content control and privacy at the same time :)
Do you suggest any alternative?
I think I misspoke; try -j ACCEPT in place of -j ALLOW
and TOR is notorious for extreme misuse, fwiw. I don't think anyone can really suggest alternatives without some very specific requirements. something like... you want to download bittorrents without the NSA being able to directly tie it to you... or you want to get around the Chinese firewall that keeps you from reading about many and varied political events... or whatever your highlevel reason for using TOR may be.
-- Even the Magic 8 ball has an opinion on email clients: Outlook not so good.
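As an added example (not part of any post in this thread and not Tor project code): the script below reads torrc-style text and prints iptables commands, using the ACCEPT target from the correction above, for ORPort and DirPort only. The function name relay_rules and the sample config are constructed for illustration; it assumes 9050 is the SocksPort, Tor's default local client port, which relaying does not need opened.

```shell
#!/bin/sh
# Added example: turn torrc-style text into firewall rules for a relay.
# Dry run only: the iptables commands are printed, never executed.

# Constructed sample config using the port numbers quoted in the thread.
SAMPLE_TORRC='# constructed sample, not a real torrc
SocksPort 9050
ORPort 9001
DirPort 9030   # directory mirror
'

# relay_rules: read torrc text on stdin and print one iptables command per
# inbound relay port (ORPort, DirPort), using the ACCEPT target.
# SocksPort is reported but not opened: it is the local client proxy port
# and a relay does not need it reachable from outside.
relay_rules() {
    sed 's/#.*//' | while read -r name value _rest; do
        # option names are case-insensitive in torrc
        key=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        # values may be written as address:port; keep the port part
        port=${value##*:}
        case "$key" in
            orport|dirport)
                case "$port" in
                    ''|*[!0-9]*) echo "# $name '$value' skipped: no fixed numeric port" ;;
                    0) echo "# $name is disabled (0)" ;;
                    *) echo "iptables -I INPUT -p tcp --dport $port -j ACCEPT  # $name" ;;
                esac ;;
            socksport)
                echo "# SocksPort $port not opened (local client port)" ;;
        esac
    done
}

# Stand-alone run: show the rules for the sample, plus how to inspect the chain.
printf '%s' "$SAMPLE_TORRC" | relay_rules
echo "iptables -L INPUT -n --line-numbers  # verify the result"
```

Rules inserted by hand like this are replaced when SuSEfirewall2 reloads its own rule set, so the YaST "Allowed Services - Advanced - TCP" field from the first post remains the persistent place for the same two ports.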
On 8/17/2010 8:09 PM, Rajko M. wrote:
> On Tuesday 17 August 2010 18:04:49 arygroup@gmail.com wrote:
>> Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
> On a first look great idea, but how tor prevents misuse for malicious purpose? Organizations and individuals can be good people, but also far from that.
> I don't think that tor can ensure content control and privacy at the same time :)
It absolutely can not, which is rather its point and virtue. The two concepts are anathema to each other and of the two, you want the capacity for your own privacy more than you want the capacity to deny someone else their privacy. Unless you are OK with the fact that it's impossible for you to say, post some opinions or even hard facts and evidence that your government or other large powerful party or even small dangerous party being able to identify you personally in reaction to it if they didn't like it.
Privacy doesn't mean "I can look at porn in private.", it doesn't mean "I can get away with copying this CD.", it means "I can vote for the person I think is best without being afraid that the mob of hopped up idiots will kill me for it, or shun me, or get me fired, or their kids beat up my kids, or the bank deny me the house loan, or the religious doctor give my atheist grandfather less than his best possible care & resources, etc etc etc." It means you can post a blog about a controversial topic without wackos, or your own government, or some big company, making you pay (in countless indirect, un-fightable, legal ways aside from the obvious direct ways) for saying things they happen to dislike whether they have any right to or not.
That is actually quite difficult to arrange today. Almost every service requires contact info that ultimately is traceable to you. Even if only an email address, not very many email providers will give you an email address without some sort of knowledge that points back to you. Tor is a rare and crucial godsend that gives you the security your government is failing to give you (pick ANY government).
If it means you can't tell the difference between an illegal copy of Windows7 and a recording of your own original work and a chunk of random data, well that's just tough for poor poor abused Microsoft! A communication service provider has no right to that. Or at least they shouldn't. In the US and many other places anyways we are all screwed up about that at the moment and service providers are being held responsible for things they should actually have no right to even look at. But I'm speaking about what is right and wrong, not what the completely b0rkded laws of the day say.
Consider, by simply advocating the privacy Tor provides in this email, I've made myself suspicious to some people. "Why is it such a big deal? What are you DOING in that secret channel we can't see into? Maybe you're just planning a surprise birthday party you don't want your wife to find out about, but maybe you're plotting the assassination of the president, or worse, copying a dvd!!!"
Theoretically, just by expressing this opinion publicly from a standard email that is directly traceable to me in real life, I have incurred extra scrutiny by whoever the MPAA/RIAA/etc have working for them. Obviously I don't presume to be important enough to warrant any such scrutiny. But then again, one does not have to be important any more. Computers can scan all traffic and tabulate everything up all nice and tidy and spit out the list of all "suspects" without overloading any human operators. Easy peasy.
Now couple that with the recent DRM laws going into effect the world over. Have you heard about how they don't even have to provide a reasonable cause to make an accusation of copyright infringement? Have you heard that merely making the accusation a few times, which they get to make for free and without proof of any wrongdoing, will get you penalized whether you actually did anything or not? In that world, merely raising your voice and drawing the wrong sort of attention to yourself can in fact very easily get you into real trouble that you are powerless to fight.
Anyone who doesn't think privacy is crucial is an idiot.
-- bkw
On 18/08/10 04:39, Brian K. White wrote:
> On 8/17/2010 8:09 PM, Rajko M. wrote:
> Privacy doesn't mean "I can look at porn in private.", it doesn't mean
I saw a bunch of idiots discussing why "pedophilia is not bad" using tor. Alas, tor is also used for these purposes. But many governments (I'd say most of them) don't REALLY fight drugs or porn, many make money on it. But they really fight opposition. Tor is dangerous for totalitarian control much more, than for morale. One side of this coin has more square than another one. :-)
There were times, when most of people couldn't read and write. And the task of progress was to learn them. Now it's time to learn people privacy, personal security and such things.
"- If you are an honest man, why should you hide something?
- Even in hot summer I wear clothes. Even an honest man has something to hide."
In the beginning my question was really a technical one. :-)
On Tuesday 17 August 2010 21:21:40 arygroup@gmail.com wrote:
> In the beginning my question was really a technical one. :-)
And it is still technical, although not technical as in numbers.
-- Regards, Rajko
On Tuesday 17 August 2010 20:39:55 Brian K. White wrote:
> Anyone who doesn't think privacy is crucial is an idiot.
Agree, but idiot is also one that trust some web page without checking who is behind.
With Tor there is a problem, if they are effective protecting privacy then you can't know who they are, and you can't trust them, but if you know who they are, then they are not protecting even own privacy, so you don't need them.
-- Regards, Rajko
Rajko M. wrote:
> On Tuesday 17 August 2010 20:39:55 Brian K. White wrote:
>> Anyone who doesn't think privacy is crucial is an idiot.
> Agree, but idiot is also one that trust some web page without checking who is behind.
> With Tor there is a problem, if they are effective protecting privacy then you can't know who they are, and you can't trust them, but if you know who they are, then they are not protecting even own privacy, so you don't need them.
there is lots of info available that a lot of folks living in (say) Iran have trust issues with their government, and therefore use Tor.. see for example this over one year old: http://radar.oreilly.com/2009/06/tor-and-the-legality-of-runnin.html
imHo, if privacy is trampled anywhere, freedom is trampled everywhere.
on the other hand, _your_ confidence in who you might or might not be dealing with at a web site is not a matter of _your_ privacy, but theirs....and, no matter how deeply you want to know exactly who they are, if they do not choose to level with you, you are free to go somewhere else... you have the freedom to do that *and* protect your privacy, *AND* theirs....win win win
DenverD
On 8/17/2010 11:50 PM, Rajko M. wrote:
> On Tuesday 17 August 2010 20:39:55 Brian K. White wrote:
>> Anyone who doesn't think privacy is crucial is an idiot.
> Agree, but idiot is also one that trust some web page without checking who is behind.
> With Tor there is a problem, if they are effective protecting privacy then you can't know who they are, and you can't trust them, but if you know who they are, then they are not protecting even own privacy, so you don't need them.
There is no such problem. Intermediate tor nodes carrying your data can not spy on it as it's encrypted, and the code in your client even if nowhere else, is open source and so you do not have to trust any other entity. You only have to trust that if this piece of open source publicly viewable software had a backdoor in it, that it would be essentially impossible to keep someone somewhere in the world from spotting it and alerting everyone else.
-- bkw
participants (6)
- arygroup@gmail.com
- Brian K. White
- Carlos E. R.
- DenverD
- Rajko M.
- zGreenfelder