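With the blocking tightened recently, tools such as 动网通 and Freegate (自由门) sometimes stop working temporarily, and that is when Tor, an ally in getting around the blocking, comes in handy.
Download the new version here. Below are some torrc settings, taken from tor v0.2.1.20 on Linux; they work the same on Windows.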
UseBridges 0|1
When set, Tor will fetch descriptors for each bridge listed in
the "Bridge" config lines, and use these relays as both entry
guards and directory guards. (Default: 0)
This switches bridges on or off: 1 uses bridges, 0 does not. Add UseBridges 1 to torrc.
Bridge IP:ORPort [fingerprint]
When set along with UseBridges, instructs Tor to use the relay
at "IP:ORPort" as a "bridge" relaying into the Tor network. If
"fingerprint" is provided (using the same format as for
DirServer), we will verify that the relay running at that location
has the right fingerprint. We also use fingerprint to look
up the bridge descriptor at the bridge authority, if it's provided
and if UpdateBridgesFromAuthority is set too.
Format for adding a bridge:
Bridge xxx.xxx.xxx.xxx:port , where xxx.xxx.xxx.xxx is the bridge IP, e.g.
Bridge 123.123.456.8:3128
ExcludeNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when building a circuit.
(Example: ExcludeNodes SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc},
255.254.0.0/8)
Used to exclude nodes, such as those in China, Hong Kong and Macau, e.g.
ExcludeNodes {CN},{HK},{MO}
GeoIPFile filename
A filename containing GeoIP data, for use with
BridgeRecordUsageByCountry.
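The file used for excluding nodes, e.g.
GeoIPFile /etc/tor/geoip , and you will see Parsing Geoip file... appear when Tor starts
Download geoip here:
http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip ; after downloading, the format has to be converted. For convenience I wrote a bash script to do this. I don't know how to write batch files, so would someone please port it.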
#! /bin/bash
# get tor geoip file
url="http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip"
geoipfile=${url##*/}    # file name part of the URL (the .zip)
csv=${geoipfile%.*}     # same name without .zip (the .csv inside)
# download and unpack; either step failing counts as failure
if wget -q "$url" && unzip -q "$geoipfile"
then
    ret=0
    # keep fields 1-3 and strip the double quotes
    cut -d, -f1-3 < "$csv" | sed 's/"//g' > geoip
else
    ret=5
fi
# remove the downloaded archive and the unpacked csv, whichever exist
rm -f "$geoipfile" "$csv"
if [ $ret -eq 0 ]
then
    echo -e "geoip is created, use: sudo mv geoip /etc/tor/
or mv geoip $HOME/.vidalia/\n"
else
    echo "Failed to create geoip file."
fi
exit $ret
ExcludeExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when picking an exit
node. Note that any node listed in ExcludeNodes is automatically
considered to be part of this list.
EntryNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the first hop in the
circuit. These are treated only as preferences unless
StrictEntryNodes (see below) is also set.
ExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the last hop in the circuit.
These are treated only as preferences unless StrictExitNodes
(see below) is also set.
These are all options for setting exit, entry and excluded nodes; the format is the same as above, and they need the geoip file.
StrictEntryNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"EntryNodes" for the first hop of a circuit.
StrictExitNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"ExitNodes" for the last hop of a circuit.
These two are the switches that control the entry and exit nodes.
UpdateBridgesFromAuthority 0|1
When set (along with UseBridges), Tor will try to fetch bridge
descriptors from the configured bridge authorities when feasible.
It will fall back to a direct request if the authority
responds with a 404. (Default: 0)
This one is used to update bridge information.
DNSPort PORT
If non-zero, Tor listens for UDP DNS requests on this port and
resolves them anonymously. (Default: 0).
DNSListenAddress IP[:PORT]
Bind to this address to listen for DNS connections. (Default:
127.0.0.1).
ClientDNSRejectInternalAddresses 0|1
If true, Tor does not believe any anonymously retrieved DNS
answer that tells it that an address resolves to an internal
address (like 127.0.0.1 or 192.168.0.1). This option prevents
certain browser-based attacks; don't turn it off unless you know
what you're doing. (Default: 1)
These three are used to set up the DNS server, but I have not used them.
HTTPProxy host[:port]
Tor will make all its directory requests through this host:port
(or host:80 if port is not specified), rather than connecting
directly to any directory servers.
HTTPProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTP
proxy authentication, as in RFC 2617. This is currently the only
form of HTTP proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
HTTPSProxy host[:port]
Tor will make all its OR (SSL) connections through this
host:port (or host:443 if port is not specified), via HTTP CONNECT
rather than connecting directly to servers. You may want
to set FascistFirewall to restrict the set of ports you might
try to connect to, if your HTTPS proxy only allows connecting to
certain ports.
HTTPSProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTPS
proxy authentication, as in RFC 2617. This is currently the only
form of HTTPS proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
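These options connect to the Tor network through a proxy. Lately I have not been using bridges and have switched to an https proxy, e.g.
HTTPSProxy 192.168.0.5:80 ; I use a public proxy, so HTTPSProxyAuthenticator is not needed.
I hope the above is of some use. If there are mistakes, please point them out, as I am no Tor expert. Also, please do not publish bridge addresses: when too much traffic heads for a single entry point it gets picked out by analysis, and the bridge is then blocked. The bridges Tor hands out officially are not necessarily the same for each person, precisely to avoid too much traffic. To get bridges, send mail from gmail to bridges@torproject.org and you usually get bridges within a minute or two; or visit bridges.torproject.org through an online encrypted proxy or another circumvention tool.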
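The options above depend on each other (UseBridges with Bridge lines, country codes with GeoIPFile, the Strict* switches with their node lists). As an added example, not code from the original post or from the Tor project, this bash function reads a torrc and warns about those mismatches; the function name check_torrc and the sample torrc are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): cross-check torrc options that only
# make sense together, per the man-page text quoted in the post.
# Prints one warning per problem; returns 1 if any were found, else 0.
check_torrc() {
    awk '
    function warn(msg) { print "warning: " msg; n++ }
    { sub(/#.*/, "") }                    # drop comments
    NF == 0 { next }                      # skip blank lines
    { key = tolower($1) }                 # option names are case-insensitive
    key == "usebridges" && $2 == 1                 { use_bridges = 1 }
    key == "bridge"                                { bridges++ }
    key == "updatebridgesfromauthority" && $2 == 1 { update = 1 }
    key == "geoipfile"                             { geoip = 1 }
    key == "entrynodes"                            { entry = 1 }
    key == "exitnodes"                             { exitn = 1 }
    key == "strictentrynodes" && $2 == 1           { strict_entry = 1 }
    key == "strictexitnodes" && $2 == 1            { strict_exit = 1 }
    # a {cc} country code in any of the node lists
    key ~ /^(exclude|excludeexit|entry|exit)nodes$/ && $0 ~ /[{][A-Za-z][A-Za-z][}]/ { cc = 1 }
    END {
        if (use_bridges && !bridges) warn("UseBridges 1 but no Bridge line")
        if (bridges && !use_bridges) warn("Bridge lines present but UseBridges is not 1")
        if (update && !use_bridges)  warn("UpdateBridgesFromAuthority needs UseBridges 1")
        if (cc && !geoip)            warn("country codes used but no GeoIPFile set")
        if (strict_entry && !entry)  warn("StrictEntryNodes 1 but EntryNodes is empty")
        if (strict_exit && !exitn)   warn("StrictExitNodes 1 but ExitNodes is empty")
        exit (n > 0)
    }' "$1"
}

# Constructed sample torrc (not anyone's real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SocksPort 9050
UpdateBridgesFromAuthority 1      # set, but UseBridges is missing
ExcludeNodes {CN},{HK},{MO}       # country codes, but no GeoIPFile
StrictExitNodes 1                 # strict, but no ExitNodes list
EOF
check_torrc "$sample" || echo "fix the warnings above before starting tor"
rm -f "$sample"
```

The GeoIPFile warning follows the post's statement that country codes need the geoip file.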
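So you are on Linux too? I still don't really know how to use Tor on Linux.
Excluding nodes on Linux is a hassle, and what you wrote is not very clear.
Because Tor is open source, it is both hard and easy for the CCP to block.
Bridges inside the country are one piece of evidence of monitoring who is using it.
Sensitive people should not use it.
Quote from: 逝者如斯夫斯基 on December 28, 2009, 05:10:35 AM
So you are on Linux too? I still don't really know how to use Tor on Linux.
My Ubuntu box has no vidalia; perhaps you could take a look at my torrc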
~$ sed '/^#/d' /etc/tor/torrc
SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost
ClientOnly 0 # client only
MaxCircuitDirtiness 450
UpdateBridgesFromAuthority 1
ExcludeNodes {CN},{HK},{MO} # this excludes nodes in China, Hong Kong and Macau
GeoIPFile /etc/tor/geoip # this is where I keep geoip
httpsproxy 208.XXX.XX.34:80 # this is my https proxy
On Win32, put the geoip file in the same folder as torrc and change it to
GeoIPFile .\geoip
On Linux you can watch the messages with tail -f /var/log/tor/log; these are my current messages
~$ tail -f /var/log/tor/log
Jan 01 12:15:29.440 [notice] Bootstrapped 100%: Done.
Jan 01 12:15:47.328 [notice] Interrupt: exiting cleanly.
Jan 01 12:15:49.378 [notice] Tor 0.2.1.20 opening log file.
Jan 01 12:15:49.383 [notice] Parsing GEOIP file.
Jan 01 12:15:51.447 [notice] We now have enough directory information to build circuits.
Jan 01 12:15:51.447 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jan 01 12:15:51.720 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Jan 01 12:15:55.566 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jan 01 12:15:58.506 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jan 01 12:15:58.506 [notice] Bootstrapped 100%: Done.
Jan 01 12:16:15.000 [notice] Our directory information is no longer up-to-date enough to build circuits: We have only 128/1448 usable descriptors.
Jan 01 12:16:15.000 [notice] I learned some more directory information, but not enough to build a circuit: We have only 128/1448 usable descriptors.
Jan 01 12:16:17.258 [notice] I learned some more directory information, but not enough to build a circuit: We have only 224/1448 usable descriptors.
Jan 01 12:16:21.176 [notice] I learned some more directory information, but not enough to build a circuit: We have only 320/1448 usable descriptors.
Jan 01 12:16:21.288 [notice] We now have enough directory information to build circuits.
Jan 01 12:20:56.617 [notice] Received reload signal (hup). Reloading config and resetting internal state.
~$ tail -f /var/log/tor/log
Jan 01 12:20:56.619 [notice] Tor 0.2.1.20 opening new log file.
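On Ubuntu I have tor start at boot.
Quote from: 宗师 on December 29, 2009, 11:44:50 AM
Because Tor is open source, it is both hard and easy for the CCP to block.
Bridges inside the country are one piece of evidence of monitoring who is using it.
Sensitive people should not use it.
My tor has never been blocked. Bridges are very well hidden, as long as people do not do what some Twitter users do, publishing bridge addresses every day and thinking that knowing how to use a bridge makes them an expert.
That way a bridge does not get a large volume of traffic entering through it at the same time, and it is not so easy to work out by analysis that it is a bridge. As for bridges in China, Hong Kong and Macau, you can look up a bridge's address yourself and so avoid them.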
#! /usr/bin/perl
# geo info of given ip, public domain
# usage: geoip [given ip]
use strict;
use warnings;
use LWP::Simple;
use File::Basename;
my $name = basename($0);
my $usage = "Usage:\t $name ip";
my $ip = $ARGV[0] || die "$usage\n";
my $url = "http://www.geody.com/geoip.php?ip=${ip}";
my $search = get($url) or die "Could not open $url: $!\n";
my @search = split /\n/, $search;
my @city = grep /^IP:/, @search;
my $city = join " ", @city;
$city=~ s/<[^>]+>//g;
print "$city\n";
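This perl script helps find where an IP is located; I have posted it before.
On security, I have always held that open source is safer than closed source: the code has been read by hundreds or thousands of people, so at least the trojan scenario will not happen, and the software's own bugs or insecure design are easier to find. How can you be sure that any given circumvention software has not been cracked and monitored? The GFW is not going to tell you.
I used to think there was no vidalia on Linux, so I found it inconvenient to use.
I just searched and found that it can be installed.
Entering the command sudo apt-get install vidalia installs it.
There is also torK, likewise a graphical interface, and excluding nodes with it is quite convenient.
Since there is a graphical interface on Linux, using it is the same as on Windows.
What I have installed now is ubuntu 9.10.
It is the same vidalia as on Windows, but I have never used it; on Windows too I edit torrc directly. For excluding nodes I always use the geoip file; that download URL is the geoip file Tor uses. I update it myself about once a week,
which keeps it more up to date. If there is a more fine-grained one, it can also be converted to Tor's format and used. I don't know whether Tor updates the geoip file internally.
Quote from: twfcc on January 02, 2010, 03:00:12 PM
It is the same vidalia as on Windows, but I have never used it; on Windows too I edit torrc directly. For excluding nodes I always use the geoip file; that download URL is the geoip file Tor uses. I update it myself about once a week,
which keeps it more up to date. If there is a more fine-grained one, it can also be converted to Tor's format and used. I don't know whether Tor updates the geoip file internally.
The OP likes updating that much?? Officially the geoip file is only updated once a month.
Often when I compare the old and new files they differ. I do this with crontab too, so it takes no effort.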