[nycbug-talk] pfsense and tor

George Rosamond george at ceetonetechnology.com
Fri Jul 5 00:14:56 EDT 2013


fastgoldfish at gmail.com:
> I was referred to some more information about configuring
> FreeBSD/pfSense for use with Tor, but most of it is over my head for
> now:
> 
> http://lists.freebsd.org/pipermail/freebsd-questions/2009-March/194405.html
> 
> That was shared with me by idwer in Freenode's ##pfsense. It looks to
> me that what is being described there is not merely a transparent
> proxy, but instead actually a more thorough isolating proxy. The two
> kinds are described here:
> 
> https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy
> 
> It looks like it's not so straightforward as I thought it would be.
> Installing Tor on pfSense and setting up some trivial routing rules
> isn't all there is to it, and it's a little out of my league for now.
> When the proper pfSense package for Tor is available, the system
> configuration prerequisites will already be handled. Then, maybe the
> problem will be reduced to the simpler routing setup that I was
> originally expecting.
> 
> I hope this info helps.


Thanks Fish.

I can tell you that I have tabled it for the rest of the week, but have
Tor running fine on pfSense as a pkg install.

I think the initial goal is just to get pfSense running as a
relay/bridge/whatever for now.  The idea is to bump the number of Tor nodes.

And I mean, with the pfSense interface, add the pkg, click enable, and
deal with a handful of settings.  Let's lower the bar of entry while
providing real relay functionality.

Performing transparent proxying is a further "phase II" in my opinion.
That is a larger project for a variety of reasons, and not immediate in
need for other reasons.

First, just set up SOCKS on a Tor relay manually... and configure clients
to use it.

Second, the problem with a number of "all-in-one" systems which attempt
to integrate Tor proxying is they really try to do too much without
scaling the functions.  Let's get the basics operational and 'out in the
wild' in production before we try to satisfy every need.  I'd like to
see a real user base for a pfSense Tor package that allows us to
recognize any potential issues.

BTW, it *may* be more appropriate to have these discussions on our
Tor-BSD list (lists.nycbug.org).

g



