diff options
Diffstat (limited to 'packages/torouter-prep/configs')
-rw-r--r-- | packages/torouter-prep/configs/047E6A24.asc | 19 | ||||
-rw-r--r-- | packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key | bin | 0 -> 3742 bytes | |||
-rw-r--r-- | packages/torouter-prep/configs/apt-preferences.d-backports | 3 | ||||
-rw-r--r-- | packages/torouter-prep/configs/apt.conf | 1 | ||||
-rw-r--r-- | packages/torouter-prep/configs/armrc.sample.gz | bin | 0 -> 3633 bytes | |||
-rw-r--r-- | packages/torouter-prep/configs/dnsmasq.conf | 3 | ||||
-rw-r--r-- | packages/torouter-prep/configs/inittab | 70 | ||||
-rw-r--r-- | packages/torouter-prep/configs/interfaces | 10 | ||||
-rw-r--r-- | packages/torouter-prep/configs/modprobe.d-blacklist.conf | 26 | ||||
-rw-r--r-- | packages/torouter-prep/configs/ntp.conf | 55 | ||||
-rw-r--r-- | packages/torouter-prep/configs/sources.list | 3 | ||||
-rw-r--r-- | packages/torouter-prep/configs/torrc | 31 | ||||
-rwxr-xr-x | packages/torouter-prep/configs/ttdnsd-default | 17 |
13 files changed, 218 insertions, 20 deletions
diff --git a/packages/torouter-prep/configs/047E6A24.asc b/packages/torouter-prep/configs/047E6A24.asc new file mode 100644 index 0000000..e2a8303 --- /dev/null +++ b/packages/torouter-prep/configs/047E6A24.asc @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBE5MF30BCACy2Ywqme78KCxY0qEXxm0vpBYe9X2kTdaJMS65tLfjbuHJ+WO4 +OKCJ5AJc7NMvZGpVucn4JPTRN34oReXzYWrlm0yfmqnRHm9sEJhDqNbSV6RML+9E +oikxj6w6uboVEnrbLPzsWEcSze28dLcqVzDMm3aHO0erjBMlUEN4a7rrU0MDf+SH +4rz0kkEaBj8gzX+cJQEU5uIdlcINFtL34cNIZPAB3O2ZOjvrDbWJcI6wG/ZfefDk +2z98eSzhJfTWKsjnPmSsp7QTu+lj+mJN7BBoLILLJ+xq1XPJfigiuQucK3k2xMBv +eYEpK+11af6/bt5+yQec8dyH7+feYnpY2gW9ABEBAAG0H3RvcnJvdXRlciBhcmNo +aXZlIGtleSAoMjAxMS0wOCmJAT4EEwECACgFAk5MF30CGwMFCQDtTgAGCwkIBwMC +BhUIAgkKCwQWAgMBAh4BAheAAAoJEJGCGDUEfmokfYEH/RzFD2x5j1kJ+1+F2pTN +bTochEBvT4gsKCcuT+i7Q4FaorVCePoAyjcW3HBGBNf6G0a37KmtPoQBqXZ2wxVN +7SDFFG4nH27z+OdkrZkUmwnjr3O5QskMuiOfkvpD0aRKvmB/MznxjBW9brJr63Gx +IGkdvvZad2V4+jEwTWiOAodWbYGX9A5CgWUL+SHFhsLe3B3ZMrvgbReJqbOGRBTR +nGWYjLH5K0lNLPNb8spKOxT/h5gKib9p5680hQG672n9EJGixfmvrCQF/3cqy2SG +CmfX5Tt7+l/C6LfyaHWHsQsjqVtCmwPjfQ1sRa1S9UPXjrZb/54kDUHfpUByB/ab +kGU= +=ZXbM +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key b/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key Binary files differnew file mode 100644 index 0000000..5b6a4d3 --- /dev/null +++ b/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key diff --git a/packages/torouter-prep/configs/apt-preferences.d-backports b/packages/torouter-prep/configs/apt-preferences.d-backports new file mode 100644 index 0000000..8e9275b --- /dev/null +++ b/packages/torouter-prep/configs/apt-preferences.d-backports @@ -0,0 +1,3 @@ +Package: * +Pin: release a=squeeze-backports +Pin-Priority: 200 diff --git a/packages/torouter-prep/configs/apt.conf b/packages/torouter-prep/configs/apt.conf new file mode 100644 index 0000000..4143a94 --- /dev/null +++ b/packages/torouter-prep/configs/apt.conf @@ -0,0 +1 @@ +APT::Default-Release "stable"; diff --git a/packages/torouter-prep/configs/armrc.sample.gz b/packages/torouter-prep/configs/armrc.sample.gz Binary files differnew file mode 100644 index 0000000..c86b6f1 --- /dev/null +++ b/packages/torouter-prep/configs/armrc.sample.gz diff --git a/packages/torouter-prep/configs/dnsmasq.conf b/packages/torouter-prep/configs/dnsmasq.conf index 8845e80..2711486 100644 --- a/packages/torouter-prep/configs/dnsmasq.conf +++ b/packages/torouter-prep/configs/dnsmasq.conf @@ -83,9 +83,10 @@ no-poll # interface (eg eth0) here. # Repeat the line for more than one interface. interface=eth1 -#interface=uap0 +interface=uap0 # Or you can specify which interface _not_ to listen on except-interface=eth0 +except-interface=lo # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) #listen-address= diff --git a/packages/torouter-prep/configs/inittab b/packages/torouter-prep/configs/inittab new file mode 100644 index 0000000..98dca83 --- /dev/null +++ b/packages/torouter-prep/configs/inittab @@ -0,0 +1,70 @@ +# /etc/inittab: init(8) configuration. +# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $ + +# The default runlevel. +id:2:initdefault: + +# Boot-time system configuration/initialization script. +# This is run first except when booting in emergency (-b) mode. +si::sysinit:/etc/init.d/rcS + +# What to do in single-user mode. +~~:S:wait:/sbin/sulogin + +# /etc/init.d executes the S and K scripts upon change +# of runlevel. +# +# Runlevel 0 is halt. +# Runlevel 1 is single-user. +# Runlevels 2-5 are multi-user. +# Runlevel 6 is reboot. + +l0:0:wait:/etc/init.d/rc 0 +l1:1:wait:/etc/init.d/rc 1 +l2:2:wait:/etc/init.d/rc 2 +l3:3:wait:/etc/init.d/rc 3 +l4:4:wait:/etc/init.d/rc 4 +l5:5:wait:/etc/init.d/rc 5 +l6:6:wait:/etc/init.d/rc 6 +# Normally not reached, but fallthrough in case of emergency. +z6:6:respawn:/sbin/sulogin + +# What to do when CTRL-ALT-DEL is pressed. +ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now + +# Action on special keypress (ALT-UpArrow). +#kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work." + +# What to do when the power fails/returns. +pf::powerwait:/etc/init.d/powerfail start +pn::powerfailnow:/etc/init.d/powerfail now +po::powerokwait:/etc/init.d/powerfail stop + +# /sbin/getty invocations for the runlevels. +# +# The "id" field MUST be the same as the last +# characters of the device (after "tty"). +# +# Format: +# <id>:<runlevels>:<action>:<process> +# +# Note that on most Debian systems tty7 is used by the X Window System, +# so if you want to add more getty's go ahead but skip tty7 if you run X. +# +1:2345:respawn:/sbin/getty 38400 tty1 +#2:23:respawn:/sbin/getty 38400 tty2 +#3:23:respawn:/sbin/getty 38400 tty3 +#4:23:respawn:/sbin/getty 38400 tty4 +#5:23:respawn:/sbin/getty 38400 tty5 +#6:23:respawn:/sbin/getty 38400 tty6 + +# Example how to put a getty on a serial line (for a terminal) +# +#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100 +#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100 + +# Example how to put a getty on a modem line. +# +#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3 + +T0:2345:respawn:/sbin/getty -L ttyS0 115200 linux diff --git a/packages/torouter-prep/configs/interfaces b/packages/torouter-prep/configs/interfaces index d1a5fa6..903bdb4 100644 --- a/packages/torouter-prep/configs/interfaces +++ b/packages/torouter-prep/configs/interfaces @@ -30,9 +30,9 @@ iface uap0 inet static broadcast 172.16.23.255 pre-up ifconfig uap0 hw ether 00:66:66:66:66:66 post-up /etc/init.d/tor reload - #post-up /etc/init.d/udhcpd restart post-up /etc/init.d/dnsmasq restart - post-up /root/tor-wireless-firewall.sh - post-up /root/uaputl/uaputl sys_cfg_ssid "torproject" - post-up /root/uaputl/uaputl bss_start - pre-down /root/uaputl/uaputl bss_stop + post-up /etc/init.d/ttdnsd restart + post-up /usr/bin/uaputl sys_cfg_ssid "torproject" + post-up /usr/bin/uaputl bss_start + post-up /usr/share/torouter-prep/example-configs/tor-wireless-firewall.sh + pre-down /usr/bin/uaputl bss_stop diff --git a/packages/torouter-prep/configs/modprobe.d-blacklist.conf b/packages/torouter-prep/configs/modprobe.d-blacklist.conf new file mode 100644 index 0000000..87c6fbe --- /dev/null +++ b/packages/torouter-prep/configs/modprobe.d-blacklist.conf @@ -0,0 +1,26 @@ +# This file lists modules which will not be loaded as the result of +# alias expansion, with the purpose of preventing the hotplug subsystem +# to load them. It does not affect autoloading of modules by the kernel. +# This file is provided by the udev package. + +# evbug is a debug tool and should be loaded explicitly +blacklist evbug + +# these drivers are very simple, the HID drivers are usually preferred +blacklist usbmouse +blacklist usbkbd + +# replaced by e100 +blacklist eepro100 + +# replaced by tulip +blacklist de4x5 + +# replaced by tmscsim +blacklist am53c974 + +# these watchdog drivers break some systems +blacklist iTCO_wdt + + +blacklist ipv6 diff --git a/packages/torouter-prep/configs/ntp.conf b/packages/torouter-prep/configs/ntp.conf new file mode 100644 index 0000000..cb7d021 --- /dev/null +++ b/packages/torouter-prep/configs/ntp.conf @@ -0,0 +1,55 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + + +# You do need to talk to an NTP server or two (or three). +#server ntp.your-provider.example + +# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will +# pick a different set every time it starts up. Please consider joining the +# pool: <http://www.pool.ntp.org/join.html> +server 0.debian.pool.ntp.org iburst +server 1.debian.pool.ntp.org iburst +server 2.debian.pool.ntp.org iburst +server 3.debian.pool.ntp.org iburst + + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify nopeer noquery +restrict -6 default kod notrap nomodify nopeer noquery + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient diff --git a/packages/torouter-prep/configs/sources.list b/packages/torouter-prep/configs/sources.list index f6c7c0b..c7e7e4a 100644 --- a/packages/torouter-prep/configs/sources.list +++ b/packages/torouter-prep/configs/sources.list @@ -12,3 +12,6 @@ deb http://backports.debian.org/debian-backports squeeze-backports main # Tor project repo deb http://deb.torproject.org/torproject.org/ squeeze main deb-src http://deb.torproject.org/torproject.org squeeze main + +# Torouter project repo +deb http://torrouter.torproject.org/torrouter torrouter main diff --git a/packages/torouter-prep/configs/torrc b/packages/torouter-prep/configs/torrc index b4c5de3..7a12e73 100644 --- a/packages/torouter-prep/configs/torrc +++ b/packages/torouter-prep/configs/torrc @@ -35,7 +35,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log Log notice file /var/log/tor/notices.log ## Send every possible message to /var/log/tor/debug.log -Log debug file /var/log/tor/debug.log +#Log debug file /var/log/tor/debug.log ## Use the system log instead of Tor's logfiles #Log notice syslog ## To send all messages to stderr: @@ -67,8 +67,9 @@ DataDirectory /var/lib/tor ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. -HiddenServiceDir /var/lib/tor/hidden_service/ -HiddenServicePort 22 127.0.0.1:22 +# Uncomment this to allow ssh access to the Torouter over your own Hidden Service +#HiddenServiceDir /var/lib/tor/hidden_service/ +#HiddenServicePort 22 127.0.0.1:22 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 @@ -78,16 +79,15 @@ HiddenServicePort 22 127.0.0.1:22 # ## See https://www.torproject.org/docs/tor-doc-relay for details. -## Required: what port to advertise for incoming Tor connections. -ORPort 9001 +### Required: what port to advertise for incoming Tor connections. +ORPort 9001 ## If you want to listen on a port other than the one advertised ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the ## line below too. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORListenAddress 0.0.0.0:9090 - -## A handle for your relay, so people don't have to refer to it by key. -#Nickname ididnteditheconfig +#ORListenAddress 0.0.0.0:9090 +Nickname Torouter ## The IP address or full DNS name for your relay. Leave commented out ## and Tor will guess. @@ -150,9 +150,10 @@ ORPort 9001 ## ISP is filtering connections to all the known Tor relays, they probably ## won't be able to block all the bridges. Also, websites won't treat you ## differently because they won't know you're running Tor. If you can -## be a real relay, please do; but if not, be a bridge! -#BridgeRelay 1 +# be a real relay, please do; but if not, be a bridge! ExitPolicy reject *:* +ExitPolicy accept *:* + AvoidDiskWrites 1 @@ -160,14 +161,16 @@ AvoidDiskWrites 1 VirtualAddrNetwork 10.192.0.0/10 AutomapHostsOnResolve 1 TransPort 9040 -TransListenAddress 172.16.23.1 +TransListenAddress 172.16.23.1 DNSPort 5353 -DNSListenAddress 172.16.23.1 +DNSListenAddress 172.16.23.1 +DNSListenAddress 127.0.0.1:53 User debian-tor -PortForwarding 1 -PortForwardingHelper /usr/local/bin/tor-fw-helper +# By default we do not have PortForwarding support +# PortForwarding 1 +# PortForwardingHelper /usr/local/bin/tor-fw-helper PIDFile /var/run/tor/tor.pid diff --git a/packages/torouter-prep/configs/ttdnsd-default b/packages/torouter-prep/configs/ttdnsd-default new file mode 100755 index 0000000..0a22bc4 --- /dev/null +++ b/packages/torouter-prep/configs/ttdnsd-default @@ -0,0 +1,17 @@ +# /etc/default/ttdnsd + +# Address to bind to - usually this should be 127.0.0.1 +# unless a copy of ttdnsd runs on 127.0.0.n +ADDR_ARG="-b 172.16.23.1" + +# Port to listen on - almost always this should be port 53 +# unless an additional local DNS cache (like unbound, dnscache, pdnsd) +# listen on port 53 as system resolver and is used in front of ttdnsd +# for caching purposes. +PORT_ARG="-p 5354" + +# Debug logging +# DEBUG_LOGGING="-l" + +# Glue all of it together below +DEFAULTS="$ADDR_ARG $PORT_ARG" |