Basic Steps
If you want to help the Tor network grow and create your own proxy to use with the RoutingPacketsIsNotACrime PAC files then these instructions should get you started. If you don't already have a dedicated server consider visiting DigitalOcean, Amazon EC2 or for some really good deals check LowEndBox.com. For various reasons I would suggest hosting the server outside of the UK but that is a choice for you to make.
CentOS 6
Install EPEL
wget http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm yum install epel-release-6-8.noarch.rpm
Edit iptables
vim /etc/sysconfig/iptablesAllow the ORPort and the proxy port (in this case 9001 and 9150)
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 9150 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMITSave and quit
/etc/init.d/iptables restartIf your server has IPv6 then make similar changes to ip6tables
Editing torrc
vim /etc/tor/torrcA minimal torrc for use with a PAC file style proxy would look similar to the below (although you should read all the options to understand what you are doing);
SocksPort xx.xx.xx.xx:9150 ORPort 9001 Nickname TheNameOfYourRelay ContactInfo YourContactDetails ExitPolicy reject *:*xx.xx.xx.xx should be a routeable IP (e.g. not 127.0.0.1) of your server, if you want to keep your relay server partially private you might want to add PublishServerDescriptor 0 to your config too.
There is no security here, if someone port scanned your server then they would see that it is an open proxy and could use it to do nasty things that people will blame you for!
If your Tor relay is on a public IP (e.g. not 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) then you may want to restrict the IPTables allow rule to only allow your source IP addresses
If your Tor relay is on a public IP (e.g. not 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) then you may want to restrict the IPTables allow rule to only allow your source IP addresses
Start Tor & Confirm it is working
/etc/init.d/tor start tail -f /var/log/messagesYou should see something along the lines of;
socks Tor[31452]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. socks Tor[31452]: Bootstrapped 85%: Finishing handshake with first hop. socks Tor[31452]: Bootstrapped 90%: Establishing a Tor circuit. socks Tor[31452]: Tor has successfully opened a circuit. Looks like client functionality is working. socks Tor[31452]: Bootstrapped 100%: Done. socks Tor[31452]: Performing bandwidth self-test...done.
Windows
Follow the tutorial on Securely Installing Tor on Windows to get the full Tor Browser bundle up and running. Once installed and started Tor will be running on localhost:9150 (do not close the Tor Browser as this will also close the relay)Done!
Assuming you have chosen the URLs you wanted by creating a PAC file you can now browse to the URLs that were previously censored as they are now being routed over Tor. Any non-restricted URLs will route over your normal Internet connection.
Heads up! Whilst tor will prevent your ISP and the Government from easily snooping on your traffic the exit node operator and a determined state power adversary will be able to expose you if you aren't careful.
Ensure you read up on how to protect your privacy when using Tor.
Ensure you read up on how to protect your privacy when using Tor.
Configuring Browsers
Instructions for configuring browsers are below;
If you need help with any other browsers you can send an email to Security@RoutingPacketsIsNotACrime.uk, or tweet to @PacketFlagon or jump on #RoutingPacketsIsNotACrime on freenode.