节点控制参考:
#EntryNodes nickname,nickname,...
#A list of preferred nodes to use for the first hop in the circuit, if possible.
#在这里列举优先考虑做入口的节点(和本机直接连接)(昵称)
#
#ExitNodes nickname,nickname,...
#A list of preferred nodes to use for the last hop in the circuit, if possible.
#在这里列举优先考虑做出口的节点(直接连接访问目标)(昵称)
#
#** 前两项是列举优先使用的节点,主要是防止新登记的国内节点被使用,但要多列举一些,不然每次都连接那几个也不好(不够安全或这些节点可能负荷会太重)。
#
#ExcludeNodes nickname,nickname,...
#A list of nodes to never use when building a circuit.
#在这里列举永远不要使用的节点(昵称),在这里设置排除!
#
#StrictExitNodes 0|1
#If 1, Tor will never use any nodes besides those listed in "exitnodes" for the last hop of a circuit.
#设置为 1 要求仅使用列举的出口节点。
#
#StrictEntryNodes 0|1
#If 1, Tor will never use any nodes besides those listed in"entrynodes" for the first hop of a circuit.
#设置为 1 要求仅使用列举的入口节点。
#
#** 这两项是强化设置
2、tor可以设置二级代理吗,比如设置无界的127.0.0.1:9666作为二级代理
可以:
加参数启动:
tart tor.exe -f torrc -HttpProxy 127.0.0.1:9666 -HttpsProxy 127.0.0.1:9666
或者在torrc中添加两行:
HttpProxy 127.0.0.1:9666
HttpsProxy 127.0.0.1:9666
3、tor到底是socks4a还是socks5,为什么sockscap32里是socks5访问tor端口的
sockscap32里是socks5能够远端DNS(我想是这样吧)
最近由於封网加强,有时候动网通自由门等临时失效,作为破网友军tor
就派上用场来这下载新版, 这提供一部份torrc 设定, 来自Linux的tor v0.2.1.20,windows同样有效
UseBridges 0|1
When set, Tor will fetch descriptors for each bridge listed in
the "Bridge" config lines, and use these relays as both entry
guards and directory guards. (Default: 0)
这用来开关网桥, 1 是用网桥,0 不用, 在 torrc 加入 UseBridges 1
Bridge IP:ORPort [fingerprint]
When set along with UseBridges, instructs Tor to use the relay
at "IP:ORPort" as a "bridge" relaying into the Tor network. If
"fingerprint" is provided (using the same format as for
DirServer), we will verify that the relay running at that loca-
tion has the right fingerprint. We also use fingerprint to look
up the bridge descriptor at the bridge authority, if it's pro-
vided and if UpdateBridgesFromAuthority is set too.
加入网桥的格式
Bridge xxx.xxx.xxx.xxx:端口 , xxx.xxx.xxx.xxx是网桥IP, ex
Bridge 123.123.456.8:3128
ExcludeNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when building a circuit.
(Example: ExcludeNodes SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc},
255.254.0.0/8)
用来排除节点,如中国,香港,澳门等, ex
ExcludeNodes {CN},{HK},{MO}
GeoIPFile filename
A filename containing GeoIP data, for use with BridgeRecor-
dUsageByCountry.
使用排除节点的档案, ex
GeoIPFile /etc/tor/geoip , 就會看到TOR啟動時會出現 Prasing Geoip file...
geoip 在这里下载
http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip , 下载回来要转换格式, 为了方便我写了个bash脚本做这事,因不会写批次档,请网友改写
#! /bin/bash
# get tor geoip file
url="http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip"
geoipfile=${url##*/}
csv=${geoipfile%.*}
if wget -q "$url"
then
ret=0
unzip -q "$geoipfile"
cut -d, -f1-3 < "$csv" | sed 's/"//g' > geoip
else
ret=5
fi
if [ -f "$geoipfile" ] && [ -f "$csv" ]
then
rm -f "$geoipfile" "$csv"
fi
if [ $ret -eq 0 ]
then
echo -e "geoip is created, use: sudo mv geoip /etc/tor/
or mv geoip $HOME/.vidalia/\n"
else
echo "Failed to create geoip file."
fi
exit $ret
ExcludeExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when picking an exit
node. Note that any node listed in ExcludeNodes is automati-
cally considered to be part of this list.
EntryNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the first hop in the
circuit. These are treated only as preferences unless StrictEn-
tryNodes (see below) is also set.
ExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the last hop in the cir-
cuit. These are treated only as preferences unless StrictExitN-
odes (see below) is also set.
都是用来设定出口入口排除节点的选项,格式和上面一样,要用上 geoip file
StrictEntryNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"EntryNodes" for the first hop of a circuit.
StrictExitNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"ExitNodes" for the last hop of a circuit.
这两个是控制出入口节点开关
UpdateBridgesFromAuthority 0|1
When set (along with UseBridges), Tor will try to fetch bridge
descriptors from the configured bridge authorities when feasi-
ble. It will fall back to a direct request if the authority
responds with a 404. (Default: 0)
这个用来更新网桥的资讯
DNSPort PORT
If non-zero, Tor listens for UDP DNS requests on this port and
resolves them anonymously. (Default: 0).
DNSListenAddress IP[:PORT]
Bind to this address to listen for DNS connections. (Default:
127.0.0.1).
ClientDNSRejectInternalAddresses 0|1
If true, Tor does not believe any anonymously retrieved DNS
answer that tells it that an address resolves to an internal
address (like 127.0.0.1 or 192.168.0.1). This option prevents
certain browser-based attacks; don't turn it off unless you know
what you're doing. (Default: 1)
这三个用来设定DNS server, 但我沒用過
HTTPProxy host[:port]
Tor will make all its directory requests through this host:port
(or host:80 if port is not specified), rather than connecting
directly to any directory servers.
HTTPProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTP
proxy authentication, as in RFC 2617. This is currently the only
form of HTTP proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
HTTPSProxy host[:port]
Tor will make all its OR (SSL) connections through this
host:port (or host:443 if port is not specified), via HTTP CON-
NECT rather than connecting directly to servers. You may want
to set FascistFirewall to restrict the set of ports you might
try to connect to, if your HTTPS proxy only allows connecting to
certain ports.
HTTPSProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTPS
proxy authentication, as in RFC 2617. This is currently the only
form of HTTPS proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
这几项是用代理连接TOR网路,我最近没用网桥,改用 https 代理, ex
HTTPSProxy 192.168.0.5:80 , 我用公共的代理, HTTPSProxyAuthenticator
这个就不需要
以 上希望对网友有点用,如有错误,请指出,因小弟不是TOR专家,此外希望网友别公开网桥地址,因为流量太多指向一个入口,会给分释出来,这桥就封 了,tor官方给的网桥每个人不一定相同,就是避免过多流量, 取得网桥可用gmail发给bridges@torproject.org 通常一两分钟内可取得网桥,或者用在线加密代理,其它翻墙工具登录 bridges.torproject.org就可以
就派上用场来这下载新版, 这提供一部份torrc 设定, 来自Linux的tor v0.2.1.20,windows同样有效
UseBridges 0|1
When set, Tor will fetch descriptors for each bridge listed in
the "Bridge" config lines, and use these relays as both entry
guards and directory guards. (Default: 0)
这用来开关网桥, 1 是用网桥,0 不用, 在 torrc 加入 UseBridges 1
Bridge IP:ORPort [fingerprint]
When set along with UseBridges, instructs Tor to use the relay
at "IP:ORPort" as a "bridge" relaying into the Tor network. If
"fingerprint" is provided (using the same format as for
DirServer), we will verify that the relay running at that loca-
tion has the right fingerprint. We also use fingerprint to look
up the bridge descriptor at the bridge authority, if it's pro-
vided and if UpdateBridgesFromAuthority is set too.
加入网桥的格式
Bridge xxx.xxx.xxx.xxx:端口 , xxx.xxx.xxx.xxx是网桥IP, ex
Bridge 123.123.456.8:3128
ExcludeNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when building a circuit.
(Example: ExcludeNodes SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc},
255.254.0.0/8)
用来排除节点,如中国,香港,澳门等, ex
ExcludeNodes {CN},{HK},{MO}
GeoIPFile filename
A filename containing GeoIP data, for use with BridgeRecor-
dUsageByCountry.
使用排除节点的档案, ex
GeoIPFile /etc/tor/geoip , 就會看到TOR啟動時會出現 Prasing Geoip file...
geoip 在这里下载
http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip , 下载回来要转换格式, 为了方便我写了个bash脚本做这事,因不会写批次档,请网友改写
#! /bin/bash
# get tor geoip file
url="http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip"
geoipfile=${url##*/}
csv=${geoipfile%.*}
if wget -q "$url"
then
ret=0
unzip -q "$geoipfile"
cut -d, -f1-3 < "$csv" | sed 's/"//g' > geoip
else
ret=5
fi
if [ -f "$geoipfile" ] && [ -f "$csv" ]
then
rm -f "$geoipfile" "$csv"
fi
if [ $ret -eq 0 ]
then
echo -e "geoip is created, use: sudo mv geoip /etc/tor/
or mv geoip $HOME/.vidalia/\n"
else
echo "Failed to create geoip file."
fi
exit $ret
ExcludeExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when picking an exit
node. Note that any node listed in ExcludeNodes is automati-
cally considered to be part of this list.
EntryNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the first hop in the
circuit. These are treated only as preferences unless StrictEn-
tryNodes (see below) is also set.
ExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes to use for the last hop in the cir-
cuit. These are treated only as preferences unless StrictExitN-
odes (see below) is also set.
都是用来设定出口入口排除节点的选项,格式和上面一样,要用上 geoip file
StrictEntryNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"EntryNodes" for the first hop of a circuit.
StrictExitNodes 0|1
If 1, Tor will never use any nodes besides those listed in
"ExitNodes" for the last hop of a circuit.
这两个是控制出入口节点开关
UpdateBridgesFromAuthority 0|1
When set (along with UseBridges), Tor will try to fetch bridge
descriptors from the configured bridge authorities when feasi-
ble. It will fall back to a direct request if the authority
responds with a 404. (Default: 0)
这个用来更新网桥的资讯
DNSPort PORT
If non-zero, Tor listens for UDP DNS requests on this port and
resolves them anonymously. (Default: 0).
DNSListenAddress IP[:PORT]
Bind to this address to listen for DNS connections. (Default:
127.0.0.1).
ClientDNSRejectInternalAddresses 0|1
If true, Tor does not believe any anonymously retrieved DNS
answer that tells it that an address resolves to an internal
address (like 127.0.0.1 or 192.168.0.1). This option prevents
certain browser-based attacks; don't turn it off unless you know
what you're doing. (Default: 1)
这三个用来设定DNS server, 但我沒用過
HTTPProxy host[:port]
Tor will make all its directory requests through this host:port
(or host:80 if port is not specified), rather than connecting
directly to any directory servers.
HTTPProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTP
proxy authentication, as in RFC 2617. This is currently the only
form of HTTP proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
HTTPSProxy host[:port]
Tor will make all its OR (SSL) connections through this
host:port (or host:443 if port is not specified), via HTTP CON-
NECT rather than connecting directly to servers. You may want
to set FascistFirewall to restrict the set of ports you might
try to connect to, if your HTTPS proxy only allows connecting to
certain ports.
HTTPSProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTPS
proxy authentication, as in RFC 2617. This is currently the only
form of HTTPS proxy authentication that Tor supports; feel free
to submit a patch if you want it to support others.
这几项是用代理连接TOR网路,我最近没用网桥,改用 https 代理, ex
HTTPSProxy 192.168.0.5:80 , 我用公共的代理, HTTPSProxyAuthenticator
这个就不需要
以 上希望对网友有点用,如有错误,请指出,因小弟不是TOR专家,此外希望网友别公开网桥地址,因为流量太多指向一个入口,会给分释出来,这桥就封 了,tor官方给的网桥每个人不一定相同,就是避免过多流量, 取得网桥可用gmail发给bridges@torproject.org 通常一两分钟内可取得网桥,或者用在线加密代理,其它翻墙工具登录 bridges.torproject.org就可以
没有评论:
发表评论