So you have ClearOS
installed, and you’re wanting to not only use the “Content Filter,” but
you also want to make your connections go through tor. That’s really no
issue, but will take a few minutes to setup.
Shell Access
Yes, you’re going to need shell access to your ClearOS box. Preferably root, but if you have another user that is allowed and has sudo access, that’ll work too.
(Side note: More detailed information about proxying via ClearOS can be found here.)
(Side note: More detailed information about proxying via ClearOS can be found here.)
(1-3) Prepare Your Environment – Privoxy
Since ClearOS repositories do not contain any traces of Privoxy
you’ll need to manually build it yourself. Head over to the Privoxy
website, towards the downloads. You’ll need to “View All Files” and
scroll down to the “Sources” directory. There you should see a tar.gz,
click on it – Make sure it is “stable” (Link: http://sourceforge.net/projects/ijbswa/files/)
Copy the direct link and put it into the shell – I’m going to assume you’re in /home/admin. Example ..
wget http://downloads.sourceforge.net/project/ijbswa/Sources/3.0.16%20%28stable%29/privoxy-3.0.16-stable-src.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fijbswa%2Ffiles%2F&ts=1289336405&use_mirror=cdnetworks-us-1
Something like this..
So now that we’ve did that. Let’s run some other useful tasks.
Before compiling or installing Privoxy, you need to set a specific
user/group for it. Mostly because you don’t want this tool running under
super cow powers.
Do this:
useradd privoxy
Then:
passwd privoxy
Think of something good
Now, run make. It’ll then give you some tips on doing some other commands first – Whatever that is about. Either way, just press the y key and you’ll be set. Hopefully no errors occur. If so, just post them and I’ll see what I can dig up.
So… if everything does go OK. Issue make install – This will then install Privoxy to its suitable environment.
Side Note: Since there is 2 proxies by default installed on
ClearOS (Squid, and Dans Guardian), you would naturally think you could
direct Squid to Tor. This is not the case. ClearOS has the Squid
configuration in a specific way, in-which I really didn’t not feel like
editing. So I came up with this solution instead. If you have instead
wanted to use Squid and came up with a suitable edit, feel free to pass
it along.
Time to edit the configuration! Head over to /usr/local/etc/privoxy/ to edit the config. Like so:
Time to edit the configuration! Head over to /usr/local/etc/privoxy/ to edit the config. Like so:
cd /usr/local/etc/privoxy/
nano config
Go all the way to the end of the file and add:
forward-socks4a / IP:9050 .
Do not forget the end dot (.). Replace IP with the IP of the machine (the loopback IP. E.g. 127.0.0.1 or LAN, 192.168.1.2).
Save/Close that file.
(2-3) Tor
Now it’s time to cook some onions. Go to the Tor Project website to grab a binary or source of tor (http://www.torproject.org/download/download-unix.html.en). I recommend grabbing the source tarball.
Copy the link of the source tarball, at this time it’ll be 0.2.1.26.
Make sure you’re still in /home/admin or something suitable. (I have an
admin account setup for pseudo reasons if you hadn’t noticed.)
wget http://www.torproject.org/dist/tor-0.2.1.26.tar.gz
tar xvf tor-0.2.1.26.tar.gz
cd tor-0.2.1.26
./configure
make
OR
make install
If you only issue make you can execute directly in src/or/tor after compiling. Or you can issue make install
and it’ll install it. Remember the account you’re installing / running
under – You may not want tor running under a root account.
Small configuring with Tor
Now that Tor is installed, and hopefully working, it’s time to change
a few things. Even though tor will be used by the entire network (HTTP)
via a single machine, maybe some people will want to go directly to
Tor, rather than around tor to use tor.
Open up /usr/local/etc/tor/torrc and find (if torrc does not exist, do: mv torrc.sample torrc):
## Replace this with “SocksPort 0″ if you plan to run Tor only as a
## relay, and not make any local application connections yourself.
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
This is for connecting local Internet applications through port
9050. We want to add an listening host/port in-case someone wants to
connect directly to Tor that is not on the machine. It should look like
this instead:
## Replace this with “SocksPort 0″ if you plan to run Tor only as a
## relay, and not make any local application connections yourself.
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
SocksListenAddress IP:9100 # listen on this IP:port also
“IP” should be the LAN IP of the machine, such as 192.168.1.2. You
can set the port to whatever you prefer (as long as it’s not in use by
something else).
Generally some people will want to run Tor in the background, so if you want to do this find #RunAsDaemon 1
and remove the #. But if you don’t think anyone is going to run Privoxy
/ Polipo or some other translator on their owncomputer to connect to
Tor then don’t worry about adding an extra listening address.
Once you’re all finished with that, save and close.
(3-3) DansGuardian
Yay – We’ve made it this far!
Let’s start editing DG now. Open up /etc/dansguardian-av/dansguardian.conf and find:
# the port DansGuardian connects to proxy on
proxyport = 3128
3128 is Squid’s port. We want to change this to 8118 (which is Privoxy). Save and close.
Finishing Up
Login to the web interface of ClearOS, head to the Content Filter,
and restart it. If all goes well, it should come back online – If not,
change the proxy port back and start over.
Everything should be correctly setup now. You’ll be connecting to
DansGuardian, which connects to Privoxy, and that will connect to Tor.
This is rather a complicated solution, however DansGuardian is the layer
that offers some blocking and stuff.
Execute Privoxy, Tor, and you’re set. Point your browser to
IP-Of-ClearOS:8080 and hit up google.com to see if it works. Remember,
you may want to run these programs with different rights/etc, so think
clearly about what you’re doing.
Please post any conflicts. I understand I’m not the best tutorial’r.
hhahahahahahaah bahasa inggris oy
Gabung yuk! Komunitas Linux ClearOS Indonesia => http://clearos-indonesia.com/
Best of luck!
Gabung yuk! Komunitas Linux ClearOS Indonesia => http://clearos-indonesia.com/