Step 1: Building Tor under illumos
Building Tor is easy as pie. All you need is the libevent src and the Tor src.
Step 2: Setting up an illumos zone
Since illumos inherits all the awesome features of OpenSolaris we can isolate our Tor bridge inside of a zone. We will create a zone with the name "tor".
Before we start we need to create a zfs dataset for our zone. I usually put mine in /export/zones (which itself is a dataset) like so:
[root@lain:~]> zfs create rpool/export/zones/tor
Now, let's set up the zone:
[root@lain:~]> zonecfg -z tor
tor: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:tor> create
zonecfg:tor> set zonepath=/export/zones/tor
zonecfg:tor> verify
zonecfg:tor> commit
zonecfg:tor> exit
[root@lain:~]> zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- tor configured /export/zones/tor ipkg shared
Now we install our virtual illumos inside of the zone. This might take a few minutes.
[root@lain:~]> zoneadm -z tor install
And boot the bugger.
[root@lain:~]> zoneadm -z tor boot
Everything is set up and ready to go. We have a virtual instance of illumos running inside of a container. Time to log into it.
[root@lain:~]> zlogin -C tor
Step 3: Set up Tor
Time to get serious. After building Tor and putting it into our zone, we need to configure it to function as a bridge relay. Here we set up our bridge to listen on port 443. Since Tor traffic looks a lot like SSL, it's a good place to run. Our torrc should look like this:
SocksPort 0
ORPort 443
BridgeRelay 1
ExitPolicy reject *:*
I recommend that you set up a tor user to avoid running as root. The problem is that you cannot run a server on a privileged port when you are a mere user. We can use RBAC to give the tor user the net_privaddr privilege, which allows it to run services on such ports.
[root@tor:~]> usermod -K defaultpriv=basic,net_privaddr tor
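Before starting Tor, the torrc can be checked against the bridge settings above. The script below is an added example, not part of the original post; the function names torrc_get, expect_opt and check_bridge_torrc are made up for it, and it assumes each option appears only once in the file.

```shell
#!/bin/sh
# Added example: audit a torrc for the bridge settings used in this post.

# Print the value of the first occurrence of option $2 in torrc file $1.
# Option names are matched case-insensitively; trailing "# comments" are cut.
torrc_get() {
    _want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r _key _rest || [ -n "$_key" ]; do
        _k=$(printf '%s' "$_key" | tr 'A-Z' 'a-z')
        if [ "$_k" = "$_want" ]; then
            _val=${_rest%%#*}
            printf '%s\n' "$_val" | sed 's/[[:space:]]*$//'
            return 0
        fi
    done < "$1"
    return 1
}

# Compare option $2 in file $1 with the required value $3.
expect_opt() {
    _got=$(torrc_get "$1" "$2") || _got='(unset)'
    if [ "$_got" = "$3" ]; then
        echo "ok    $2 $_got"
    else
        echo "FAIL  $2 is '$_got', expected '$3'"
        return 1
    fi
}

# Return 0 only if the file describes a non-exit bridge with no SOCKS listener.
check_bridge_torrc() {
    _rc=0
    expect_opt "$1" SocksPort 0 || _rc=1
    expect_opt "$1" BridgeRelay 1 || _rc=1
    expect_opt "$1" ExitPolicy 'reject *:*' || _rc=1
    _port=$(torrc_get "$1" ORPort) || { echo "FAIL  ORPort is unset"; return 1; }
    case $_port in
        ''|*[!0-9]*) echo "FAIL  ORPort '$_port' is not a plain port number"; _rc=1 ;;
        *) [ "$_port" -lt 1024 ] &&
               echo "note  ORPort $_port is privileged; the tor user needs net_privaddr" ;;
    esac
    return $_rc
}

# Constructed sample: the torrc from this post, written to a temporary file.
sample=$(mktemp)
printf '%s\n' 'SocksPort 0' 'ORPort 443' 'BridgeRelay 1' \
    'ExitPolicy reject *:*' > "$sample"
check_bridge_torrc "$sample"
```

To check the real file, call check_bridge_torrc with the path to the torrc inside the zone; a non-zero exit status means at least one setting differs from the bridge configuration.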
To start up Tor we simply issue:
[tor@tor:~]> pfexec tor -f torrc
We are ready to go!
If you've got questions or more ideas, leave me a comment.
If you want to know more about the Tor Project, I recommend this talk: