POLIPO AS A PROXY SERVER WITH TOR SOCKS ON FREEBSD

Polipo is a lightweight caching and forwarding web proxy server. It has a variety of uses, from helping security by filtering traffic; to perform web browser caching and other computer network searches. Polipo is a single-threaded web proxy, which has very high web caching capabilities. Polipo is designed for groups of people sharing internet resources, to speed up web servers by caching repetitive requests.

A proxy server using polipo on the FreeBSD operating system can function to block sites that are deemed inappropriate to access. By storing cache on disk, the Polipo proxy server is fast, light and small, very useful for networks that don't have a large proxy server.

To install Polipo on FreeBSD, you need a FreeBSD server that provides the Polipo repository. In this tutorial, the system specifications used are:


OS: FreeBSD 13.2-STABLE 

CPU: AMD Phenom II X4 965 3400 MHz

Memory: 2 gb

Hard Disk: 40 gb

IP LAN: 192.168.9.3/24

IP TOR: 192.168.9.3

Port TOR: 9050

IP Polipo: 192.168.9.3

Hostname: router2

Domain: unixexplore.com

Port Polipo: 8118


In this tutorial we will make Polipo a proxy gateway for Tor, meaning we make TOR the backend while we make Polipo the frontend. So every client who accesses the web browser will be served by Polipo.

To install TOR, you can read the previous article entitled "TOR INSTALLATION & CONFIGURATION GUIDE ON FreeBSD 13.2 Stable.". Let's go straight to the discussion, namely installing and configuring the Polipo application.

The first step that must be taken is to install the Polipo application via the port or pkg on the FreeBSD server.

root@router2:~ # cd /usr/ports/www/polipo
root@router2:~ # make install clean
If you use the pkg package, you can install polipo by typing the script below.

root@router2:~ # pkg update -f
root@router2:~ # pkg upgrade -f
The script above is used to update and upgrade the pkg package. After the update process is complete, continue with the Polipo installation.

root@router2:~ # pkg install polipo
Wait a few minutes until the Polipo installation process is complete. Then we continue by activating Polipo in the rc.conf file, as well as the polipo group and polipo user. Activate Polipo in the rc.conf file, so that Polipo can automatically RUNNING when the server restarts/boots or when the server is turned off.

root@router2:~ # ee /etc/rc.conf
polipo_enable="YES"

After we have finished starting up rc.d, the next step is to create a Polipo log file. Use the script below to create a polipo log file.

root@router2:~ # touch /var/log/polipo

In the /etc/newsyslog.conf folder. enter the following script.

root@router2:~ # ee /etc/newsyslog.conf
/var/log/polipo polipo: 640 3 100 * J /var/run/polipo/polipo.pid 30
root@router2:~ # chown -R polipo:polipo /usr/local/etc/polipo
root@router2:~ # chown -R polipo:polipo /usr/local/etc/polipo/
root@router2:~ # chown -R polipo:polipo /var/log/polipo

After that, create ownership permissions for the config file.

root@router2:~ # cd /usr/local/etc/polipo
root@router2:~ # chmod +w config

The next configuration is, edit the config file, which is in the /usr/local/etc/polipo folder. Can be done with putty or winscp. Editing the config file is easier to do remotely via the winscp application.

root@router2:/usr/local/etc/polipo # cd /usr/local/etc/polipo
root@router2:~ # ee config

Edit the "config" file as needed. To activate a script line, remove the "#" sign, if there is a "#" sign at the beginning of the script line, it means the script is not active.

What you have to activate in the config file is:

proxyAddress = "192.168.9.3"

allowedClients = 192.168.9.0/24, 127.0.0.1

proxyName = "router2.unixexplore.com"

socksParentProxy = "192.168.9.3:9050"

socksProxyType = socks5

cacheIsShared = false

diskCacheRoot = ""

After that restart Polipo.

root@router2:~ # service polipo restart
Stopping polipo.
Starting polipo.
root@router2:~ #
When editing the config file, what you have to pay attention to is the socksParentProxy and socksProxyType script. IP 127.0.01 and Port 9050 are the IP and Port of the torrc file in /usr/local/etc/tor of the TOR program. This means that Polipo is forwarded to the IP and TOR port. Meanwhile, socksProxyType = socks5 is the socket from the torrc file belonging to the TOR program. This means that the Polipo socket is forwarded to TOR's socket, so that the TOR program becomes the backend of the Polipo program.

Now we test on a web browser, for example Google Chrome. In the settings menu select network settings. Look at the image below.




Let's see if port 8118 Polipo is open.

root@router2:~ # sockstat -4 | grep polipo
polipo   polipo     651   4  tcp4   192.168.9.3:8118      *:*
root@router2:~ # 
Port 8118 is open on IP 192.168.9.3. This means that the Polipo program is running. Below is the COMPLETE SCRIPT of the config file from the Polipo program.

# Sample configuration file for Polipo. -*-sh-*-

# You should not need to use a configuration file; all configuration
# variables have reasonable defaults.  If you want to use one, you
# can copy this to /etc/polipo/config or to ~/.polipo and modify.

# This file only contains some of the configuration variables; see the
# list given by ``polipo -v'' and the manual for more.


### Basic configuration
### *******************

# Uncomment one of these if you want to allow remote clients to
# connect:

# proxyAddress = "::0"        # both IPv4 and IPv6
proxyAddress = "192.168.9.3"    # IPv4 only
proxyPort = 8118

# If you do that, you'll want to restrict the set of hosts allowed to
# connect:

# allowedClients = 127.0.0.1, 134.157.168.57
 allowedClients = 192.168.9.0/24, 127.0.0.1

# Uncomment this if you want your Polipo to identify itself by
# something else than the host name:

proxyName = "router2.unixexplore.com"

# Uncomment this if there's only one user using this instance of Polipo:

cacheIsShared = false

# Uncomment this if you want to use a parent proxy:

# parentProxy = "squid.example.org:3128"

# Uncomment this if you want to use a parent SOCKS proxy:

socksParentProxy = "192.168.9.3:9050"
socksProxyType = socks5

# Uncomment this if you want to scrub private information from the log:

# scrubLogs = true


### Memory
### ******

# Uncomment this if you want Polipo to use a ridiculously small amount
# of memory (a hundred C-64 worth or so):

chunkHighMark = 819200
objectHighMark = 128

# Uncomment this if you've got plenty of memory:

# chunkHighMark = 50331648
# objectHighMark = 16384

# Access rights for new cache files.
diskCacheFilePermissions=0640
# Access rights for new directories.
diskCacheDirectoryPermissions=0750


### On-disk data
### ************

# Uncomment this if you want to disable the on-disk cache:

diskCacheRoot = ""

# Uncomment this if you want to put the on-disk cache in a
# non-standard location:

# diskCacheRoot = "~/.polipo-cache/"

# Uncomment this if you want to disable the local web server:

localDocumentRoot = ""

# Uncomment this if you want to enable the pages under /polipo/index?
# and /polipo/servers?.  This is a serious privacy leak if your proxy
# is shared.

# disableIndexing = false
# disableServersList = false


### Domain Name System
### ******************

# Uncomment this if you want to contact IPv4 hosts only (and make DNS
# queries somewhat faster):

# dnsQueryIPv6 = no

# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
# double-stack hosts:

# dnsQueryIPv6 = reluctantly

# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead.  If you do that, Polipo will freeze during
# every DNS query:

# dnsUseGethostbyname = yes


### HTTP
### ****

# Uncomment this if you want to enable detection of proxy loops.
# This will cause your hostname (or whatever you put into proxyName
# above) to be included in every request:

# disableVia=false

# Uncomment this if you want to slightly reduce the amount of
# information that you leak about yourself:

# censoredHeaders = from, accept-language
censorReferer = maybe

# Uncomment this if you're paranoid.  This will break a lot of sites,
# though:

# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
# censorReferer = true

# Uncomment this if you want to use Poor Man's Multiplexing; increase
# the sizes if you're on a fast line.  They should each amount to a few
# seconds' worth of transfer; if pmmSize is small, you'll want
# pmmFirstSize to be larger.

# Note that PMM is somewhat unreliable.

# pmmFirstSize = 16384
# pmmSize = 8192

# Uncomment this if your user-agent does something reasonable with
# Warning headers (most don't):

# relaxTransparency = maybe

# Uncomment this if you never want to revalidate instances for which
# data is available (this is not a good idea):

# relaxTransparency = yes

# Uncomment this if you have no network:

# proxyOffline = yes

# Uncomment this if you want to avoid revalidating instances with a
# Vary header (this is not a good idea):

# mindlesslyCacheVary = true

# Uncomment this if you want to add a no-transform directive to all
# outgoing requests.

# alwaysAddNoTransform = true

By following this tutorial you will have improved your computer's security system, especially the security on port 80.

Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post