Archive for October 1st, 2012

How to configure Tor Public server on Debian Linux and FreeBSD

Monday, October 1st, 2012


I like configuring publicly accessible Tor servers on hosts which I own; the reason is that I very much like and want to support the good initiative of the Tor Onion Project.

Anonymity on the Internet is becoming harder day after day, thus I believe any freedom-respecting person should do his best to support any project that aims to help us be anonymous on the net.

Installing even one Tor server at home makes a difference and makes the Tor Network better. So if you have a spare internet connection somewhere, I kindly ask you to start a Tor server! Help Tor Project grow – Help protect our anonymity 🙂

After the loud “speech”, here is, in short, how easy it is to configure a Tor server on Linux and BSD.
Keep in mind that installing it as described below automatically makes the Tor server part of the Tor node network; next time you use tor it is likely you use tor via your own node 🙂

1. Install the tor Debian package


apt-get --yes install tor

2. Set proper torrc configuration in /etc/tor/torrc

Edit /etc/tor/torrc and place something like:


SocksPort 0 # 0 disables the local SOCKS proxy; this host only relays
SocksListenAddress 127.0.0.1 # localhost only; has no effect while SocksPort is 0
## Required: A unique handle for this server
Nickname pcfreak
ORPort 9001
ExitPolicy reject *:6660-6667,reject *:*
ExitPolicy reject *:* # middle node only -- no exits allowed
# See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Hibernation
# We have 400GB of traffic per month
# We want that to be about 150GB per week
BandwidthRate 50 KB
BandwidthBurst 1 MB
AccountingStart week 1 00:00
AccountingMax 150 GB
DataDirectory /var/lib/tor
RunAsDaemon 1
ContactInfo hip0

3. Allow port 9001 in the iptables firewall


/sbin/iptables -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 9001 -j ACCEPT

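Tor's ORPort accepts TCP connections only, so the TCP rule is the one that matters; the UDP rule can be omitted.

You might want to permanently store the new iptables settings, i.e.: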


# iptables-save > /root/iptables.tor.save

4. Restart tor server


# /etc/init.d/tor restart

Run telnet or nmap to test whether your host is reachable on port 9001.


# telnet www.pc-freak.net 9001
Trying 83.228.93.76...
Connected to www.pc-freak.net.
Escape character is '^]'.
Connection closed by foreign host.
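
As an added example (not part of the original post), the shell function below checks a torrc against the settings used above: an ORPort is set, SocksPort is 0, and the first decisive ExitPolicy rule is reject *:*. The name audit_torrc and the sample file are constructed for illustration; the check relies on ExitPolicy rules being evaluated first to last with the first match winning.

```shell
#!/bin/sh
# Added example: check a torrc against the middle-relay settings shown above.
# audit_torrc is a hypothetical helper name, not part of Tor.
audit_torrc() {
    awk '
    { sub(/#.*/, "") }                 # strip comments, including trailing ones
    NF == 0 { next }
    { key = tolower($1) }
    key == "socksport" { socks = $2 }
    key == "orport"    { orport = $2 }
    key == "exitpolicy" && verdict == "" {
        # ExitPolicy lines are concatenated and the first matching rule wins
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        n = split(rest, rules, ",")
        for (i = 1; i <= n && verdict == ""; i++) {
            r = tolower(rules[i])
            gsub(/^[ \t]+|[ \t]+$/, "", r)
            if (r ~ /^accept/)          verdict = "accept"
            else if (r == "reject *:*") verdict = "reject-all"
        }
    }
    END {
        bad = 0
        if (orport == "" || orport == "0") { print "FAIL: no ORPort set"; bad = 1 }
        if (socks != "0") { print "FAIL: SocksPort is not 0"; bad = 1 }
        if (verdict != "reject-all") {
            print "FAIL: an accept rule is reached before reject *:*, or no reject *:* exists"
            bad = 1
        }
        if (!bad) print "OK: non-exit relay, ORPort " orport
        exit bad
    }' "$1"
}

# Constructed sample input mirroring the torrc above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SocksPort 0 # relay only
ORPort 9001
ExitPolicy reject *:6660-6667,reject *:*
ExitPolicy reject *:* # middle node only -- no exits allowed
EOF
audit_torrc "$sample"
rm -f "$sample"
```

The function returns non-zero when any check fails, so it can gate a restart of the tor service after editing /etc/tor/torrc.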

Installing Tor Public server on FreeBSD.
Installing tor onion server on FreeBSD is equivalent:


freebsd# cd /usr/ports/security/tor
freebsd# make install clean

Then you can use exactly the same torrc config as in the example above; it works identically on Linux and BSD.
Here you can get the same working torrc.

On FreeBSD, tor is stopped and started via the /usr/local/etc/rc.d/tor start/stop init script:

Restart it and you’re done on BSD too:


freebsd# /usr/local/etc/rc.d/tor restart
...

You also need to allow port 9001. With the packet filter (pf), /etc/pf.conf should contain something like:


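EXT_IP="192.168.0.2"
EXT_NIC="em0"
# SYN_ONLY was used but never defined in the original rule; S/SA (pf's default flags match) is assumed here
SYN_ONLY="S/SA"
# connections to the ORPort arrive inbound on $EXT_NIC, so the rule is "pass in"
pass in log quick on $EXT_NIC proto tcp from any to $EXT_IP port 9001 flags $SYN_ONLY keep state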

Once the pf options are in place, reload pf with the new pf.conf:


freebsd# pfctl -d
No ALTQ support in kernel
ALTQ related functions disabled
freebsd# pfctl -e -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled

Enjoy sharing your internet bandwidth with the rest of the Tor Project network 🙂

How to install Adobe FlashPlayer Firefox browser plugin on FreeBSD 7.2 and higher

Monday, October 1st, 2012

Install the linux_base FreeBSD port, either using the pre-compiled binary package or by compiling it from the ports tree.

1. Install and set up linux_base to load on FreeBSD boot


freebsd# pkg_add -vr linux_base
Opening BINARY mode data connection for linux_base.tbz (31858826 bytes).
Fetching ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-7.2-release/Latest/linux_base.tbz...^CSignal 2 received, cleaning up..

Or via the ports tree with the command:


cd /usr/ports/emulators/linux_base-f10 && make install clean

Next add linprocfs to /etc/fstab:


freebsd# echo 'linproc /compat/linux/proc linprocfs rw 0 0' >> /etc/fstab

Mount linproc virtual filesystem:


freebsd# mount -a

2. Set linux_base to auto load on startup via /etc/rc.conf


echo 'linux_enable="YES"' >> /etc/rc.conf

3. Install other libraries on which nspluginwrapper and flash player depend

For me it was necessary to install linux-pango and linux-tiff, which were missing. For other people it is likely that other packages on which the flash plugin and nspluginwrapper depend will be missing. If that’s your case, just install the required ones by pkg_add-ing them 🙂


pkg_add -vr linux-pango
....
pkg_add -vr linux-tiff
....

4. Start ABI emulation and set sysctl linux variables

Make sure Linux binary ABI support is enabled and the sysctl variables for the emulated Linux kernel (via the fbsd external module) are set:


freebsd# /etc/rc.d/abi start
Additional ABI support: linux.
freebsd# /etc/rc.d/sysctl start
kern.maxfiles: 50000 -> 65535
kern.maxfilesperproc: 50000 -> 12000
kern.maxfilesperproc: 12000 -> 50000
kern.maxfiles: 65535 -> 50000

5. Set some shell and sysctl variables before installing nspluginwrapper and flash player

Export the OVERRIDE_LINUX_BASE_PORT and OVERRIDE_LINUX_NONBASE_PORTS shell variables before installing the respective flash player. I install flash player 10, which is relatively stable on FBSD for newer flash plugins; change the variable to whatever FP version.


freebsd# setenv OVERRIDE_LINUX_BASE_PORT f10
freebsd# setenv OVERRIDE_LINUX_NONBASE_PORTS f10

You also need to set the compat.linux.osrelease=2.6.19 sysctl variable.


freebsd# sysctl compat.linux.osrelease=2.6.19

6. Install nspluginwrapper and flashplugin 10 from ports

Now install the Flash player via the flash plugin port and nspluginwrapper:


freebsd# cd /usr/ports/www/linux-f10-flashplugin10 && make install clean
....
freebsd# cd /usr/ports/www/nspluginwrapper && make install clean
....

BTW, nspluginwrapper is required because the flash player is not natively compiled to run on FreeBSD but is a Linux binary.

It is also a good idea to add OVERRIDE_LINUX_BASE_PORT=f10 and OVERRIDE_LINUX_NONBASE_PORTS=f10 to /etc/make.conf to make the settings permanent:


freebsd# echo 'OVERRIDE_LINUX_BASE_PORT=f10' >> /etc/make.conf
freebsd# echo 'OVERRIDE_LINUX_NONBASE_PORTS=f10' >> /etc/make.conf

7. Adding Firefox, Opera flash plugin support for users

If after installing flash plugin and restarting GNOME in a certain user still t