Re: [tor-talk] almost success toward complete tor enforcement, need little help now
Raviji:

That's a bit insufficient, and some points are clearly outdated; see below.

> obfsproxy issue =================
> I have installed tor, pdnsd, ttdnsd, obfsproxy, polipo, vidalia

You don't need pdnsd, ttdnsd, polipo. Vidalia is a nice optional graphical user interface.

> I have already collected the obfs IP addresses from a running Tor bundle and then placed all of them in /etc/tor/torrc. Tor is running with obfs.
> [Q] How can I check online that obfs is functional? https://check.torproject.org/ simply shows Tor is running, but no obfs-related information.

Someone else has to answer here.

> polipo and firewall =====================
> Browsers are configured to use polipo (Tor as parent) and the online check is successful (https://check.torproject.org/).
> [Q] Is polipo really fast? I hardly see any advantage comparing a direct Tor connection with one without polipo.

You're on the wrong path. Don't use polipo / Firefox etc. anymore, unless you want to stand out from all other Tor users. Use Tor Browser. Details: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers

> [Q] What is the iptables rule to redirect all port 80 and 443 traffic through polipo's port 8118? Then no configuration is required at browser level.

You don't need iptables for that. Tor is running on a Gateway. Tor Browser without Tor/Vidalia started (patched startup script) is running on another machine (which we call Workstation). Tor Button SOCKS Host: gateway IP; port: reserve one SocksPort in torrc on the Gateway exclusively for Tor Browser. Add some extra SocksPorts for other applications (stream isolation).

> DNS and firewall =================
> I am using pdnsd (caching DNS proxy server) and ttdnsd (UDP to TCP converter).

You don't need ttdnsd. I recommend using one SocksPort per application for most, if not all, applications. If you still want some fallback for remaining traffic, you can use Tor's excellent DnsPort and TransPort.

> [Q] How can I enforce all UDP to go through the local DNS port, and which one, 53 or 8853?

For a "fetch remaining DNS traffic and route it through Tor" iptables rule, have a look at https://github.com/adrelanos/Whonix/blob/master/whonix_gateway/usr/local/bin... and search for "dns".

> iptables to route all traffic and block all non-Tor ======================================================
> LAN and lo (localhost) don't need to go through Tor.

You will probably mess up there figuring out what is real LAN traffic and what is not. I strongly recommend the Tor-only box to have no local LAN traffic.

> Port 80/443 should go through polipo port 8118, all DNS queries should go through the local 53 (or 8853?) port.

Like I said before, forget about that plan. Don't use polipo.

> And the rest of the traffic should go through Tor's port 9050; anything left should be dropped. The example iptables rules given on the Tails site are not working for me. Could anyone kindly give such a rule set please?

You can do it with virtual machines and/or physical isolation.
https://sourceforge.net/p/whonix/wiki/Home/
https://github.com/adrelanos/Whonix/
https://github.com/adrelanos/Whonix/blob/master/whonix_gateway/usr/local/bin...

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
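As an added example (not part of the original post, and not Whonix's own gateway scripts), here is what the Gateway setup described above looks like in concrete form: a torrc fragment with one reserved SocksPort for Tor Browser plus extra SocksPorts for other applications, TransPort and DnsPort as the fallback, and an iptables rule set that redirects the Workstation's leftover DNS and TCP into those two ports and drops everything else, so the Gateway passes no non-Tor traffic. Interface name (eth1), subnet (10.152.152.0/24), gateway address (10.152.152.10), port numbers (9100-9102, 9040, 5300) and the tor user name (debian-tor) are all assumptions chosen for illustration; adjust them to your setup. Both functions only print the configuration so it can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example for a Tor Gateway: one SocksPort per application plus
# TransPort/DnsPort fallback, and iptables rules that drop everything
# that is not Tor. Not Whonix's code. All values below are assumptions.
INT_IF="${INT_IF:-eth1}"                 # Gateway NIC facing the Workstation
WS_NET="${WS_NET:-10.152.152.0/24}"      # Workstation subnet on that NIC
GW_IP="${GW_IP:-10.152.152.10}"          # Gateway address on that NIC
TRANS_PORT="${TRANS_PORT:-9040}"         # Tor TransPort (TCP fallback)
DNS_PORT="${DNS_PORT:-5300}"             # Tor DnsPort (UDP DNS fallback)
TOR_USER="${TOR_USER:-debian-tor}"       # user the tor daemon runs as

# torrc fragment for the Gateway. Tor keeps streams from different
# SocksPorts on different circuits, so one port per application gives
# stream isolation without any further flags.
torrc_fragment() {
    cat <<EOF
# Reserved for Tor Browser on the Workstation (Torbutton SOCKS host $GW_IP, port 9100)
SocksPort $GW_IP:9100
# Further applications, one port each
SocksPort $GW_IP:9101
SocksPort $GW_IP:9102
# Fallback for whatever is not SOCKS-aware; iptables redirects it here
TransPort $GW_IP:$TRANS_PORT
DnsPort $GW_IP:$DNS_PORT
EOF
}

# iptables rule set for the Gateway. Printed, not executed: review it,
# then run `tor_gateway_rules | sh` as root.
tor_gateway_rules() {
    cat <<EOF
iptables -t nat -F
iptables -F
# Default deny in every direction; nothing is routed past the Gateway.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Workstation DNS (UDP 53) -> DnsPort; any new TCP connection -> TransPort.
# REDIRECT rewrites the destination to $GW_IP, where Tor listens.
iptables -t nat -A PREROUTING -i $INT_IF -s $WS_NET -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $INT_IF -s $WS_NET -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# The Workstation may only reach Tor's listeners on the Gateway.
iptables -A INPUT -i $INT_IF -s $WS_NET -d $GW_IP -p tcp --dport 9100:9102 -j ACCEPT
iptables -A INPUT -i $INT_IF -s $WS_NET -d $GW_IP -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -i $INT_IF -s $WS_NET -d $GW_IP -p udp --dport $DNS_PORT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the tor process may talk to the outside; the Gateway itself has no other egress.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything else, including UDP that is not DNS, hits the DROP policies.
EOF
}

# Stand-alone use: `./script torrc`, `./script rules`, or no argument for both.
case "${1:-}" in
    torrc) torrc_fragment ;;
    rules) tor_gateway_rules ;;
    *)     torrc_fragment; echo; tor_gateway_rules ;;
esac
```

Two things to keep in mind when adapting this: the DnsPort only answers UDP, so a resolver that retries over TCP ends up on the TransPort, which is fine, and the OUTPUT chain deliberately blocks the Gateway's own non-Tor traffic (package updates included), which is the point of a Tor-only box.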
participants (1): adrelanos