#1 2009-07-25 23:55:09

megaman
Member
Registered: 2009-07-11
Posts: 7

[Solved]/etc/privoxy/config

I haven't had to go through this file in some time now. What I'm trying to figure out is what exactly does changing the line
listen-address  127.0.0.1:8118 to my actual private IP do? i.e. 192.168... or what would it do if I changed it to my firewall box IP? I'm fuzzy on this and need it in layman's terms.

Does it just go ahead and put everything through socks or what?

Last edited by megaman (2009-07-26 23:03:59)

Offline

#2 2009-07-26 00:15:30

Skripka
Member
From: 2X1280X1024
Registered: 2009-02-19
Posts: 555

Re: [Solved]/etc/privoxy/config

megaman wrote:

I haven't had to go through this file in some time now. What I'm trying to figure out is what exactly does changing the line
listen-address  127.0.0.1:8118 to my actual private IP do? i.e. 192.168... or what would it do if I changed it to my firewall box IP? I'm fuzzy on this and need it in layman's terms.

Does it just go ahead and put everything through socks or what?

Why are you wanting to change the listen IP? The only reason I can think of to do so is if you're wanting to set up Privoxy as a filtering proxy server for a LAN.

Privoxy User Manual wrote:

7.4.1. listen-address

Specifies:

The IP address and TCP port on which Privoxy will listen for client requests.

Type of value:

[IP-Address]:Port

Default value:

127.0.0.1:8118

Effect if unset:

Bind to 127.0.0.1 (localhost), port 8118. This is suitable and recommended for home users who run Privoxy on the same machine as their browser.

Notes:

You will need to configure your browser(s) to this proxy address and port.

If you already have another service running on port 8118, or if you want to serve requests from other machines (e.g. on your local network) as well, you will need to override the default.

If you leave out the IP address, Privoxy will bind to all interfaces (addresses) on your machine and may become reachable from the Internet. In that case, consider using access control lists (ACL's, see below), and/or a firewall.

If you open Privoxy to untrusted users, you will also want to make sure that the following actions are disabled: enable-edit-actions and enable-remote-toggle

Example:

Suppose you are running Privoxy on a machine which has the address 192.168.0.1 on your local private network (192.168.0.0) and has another outside connection with a different address. You want it to serve requests from inside only:

  listen-address  192.168.0.1:8118

Last edited by Skripka (2009-07-26 00:17:05)

Offline

#3 2009-07-26 00:29:29

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963

Re: [Solved]/etc/privoxy/config

The listen address specifies the interface and the port that the privoxy server will listen to.
127.0.0.1 is localhost, which is only accessible to your system and used for internal applications.
192.168.x.x is the IP address of your network card (eth0 interface) on your local LAN.

If you leave listen-address set to 127.0.0.1:8118 then privoxy can only be accessed internally on your system, i.e. not from the LAN or beyond.
Setting it to 192.168.x.x:8118 will make it accessible to the LAN and maybe even beyond that depending on your firewall and NAT setup.

You can't change it to your firewall box's IP because that is attached to the firewall box's interface which isn't on your system. If you want to access privoxy on your box from the internet, you need to set up port forwarding on your firewall box to redirect incoming requests to the privoxy box.


Maybe this analogy will work:
Privoxy is an employee at McDonald's named Bob. Bob's job is to take customers' orders (http requests), figure out what he's supposed to do with them (the privoxy configs), then come back with the food (web content). If Bob is in the back room then he's useless because the customers can't place their orders so you have to tell Bob where the customers are going to order (the listen-address... yeah, Bob is stupid).

127.0.0.1/localhost is the counter. Only customers already inside the restaurant (apps on your system) can order at the counter. 192.168.x.x is the drive-thru window and anyone can pull up and place an order. If you tell Bob to only work the counter (listen-address 127.0.0.1:8118), then he'll take care of those customers but ignore the drive-thru people. If you tell him to handle the drive-thru (192.168.x.x:8118), then he'll take care of the drive-thru but people in the restaurant will have to go outside and order at the drive-thru window. If you tell Bob to handle everyone (listen-address 8118), then he'll do both. If you tell Bob to handle the customers down the street at Burger King (listen-address <firewall box's IP>), he'll just look at you and say "lolwut?".

You can also think of the port (8118) as which register at the counter or which drive-thru window Bob should handle (there are 65535 of them... it's a big McD's).


*edit*
Btw, setting up port-forwarding with your firewall would be telling Dave (the firewall) down at Burger King (the firewall box) that every time someone comes in and orders a Big Mac (privoxy request from the internet), Dave needs to sneak out the back door (the local LAN), run over to McDonald's (the privoxy box) and place his order with Bob (privoxy), then run back with it and hand it over to the customer. Bob needs to know that he's supposed to serve Dave (listen-address 8118 or listen-address 192.168.x.x:8118) and Dave needs to know where to go (the port forwarding).


Yeah, I know this is long, but I actually enjoyed the analogy. Overclarification is better than underclarification imo.

Last edited by Xyne (2009-07-26 00:36:22)


Offline
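An added example, not part of any post in this thread and not Privoxy's own code: a small config check that applies the manual excerpt in #2 and the explanation in #3, classifying what each listen-address value binds to and flagging the two settings the manual says to disable when other hosts can reach the proxy. The function names and sample configs are constructed for illustration; permit-access is Privoxy's ACL directive.

```python
import ipaddress

# Constructed sample configs for illustration (not taken from the thread).
LOCAL_ONLY = "listen-address  127.0.0.1:8118\nenable-edit-actions 1\n"
LAN_OPEN = """\
# serve the LAN
listen-address  192.168.0.1:8118
enable-edit-actions 1
enable-remote-toggle 0
"""
ALL_IFACES = "listen-address  :8118\nenable-remote-toggle 1\n"

def classify_listen(value):
    """Map a listen-address value to the scope it binds (hypothetical helper)."""
    host = value.rpartition(":")[0].strip("[]")
    if not host:                      # ":8118" or bare "8118": no IP given
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"             # not an IP literal; needs manual review
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(config_text):
    """Return a list of findings for one Privoxy config (hypothetical helper)."""
    scopes, flags, has_acl = [], {}, False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if len(parts) != 2:
            continue
        key, val = parts[0], parts[1].strip()
        if key == "listen-address":
            scopes.append(classify_listen(val))
        elif key in ("enable-edit-actions", "enable-remote-toggle"):
            flags[key] = val
        elif key == "permit-access":
            has_acl = True
    scopes = scopes or ["loopback"]   # unset: Privoxy binds 127.0.0.1:8118
    findings = []
    if any(s != "loopback" for s in scopes):
        # Only an explicit "1" is flagged; unset options are not reported.
        findings += [f"{k} is on while reachable from other hosts"
                     for k, v in sorted(flags.items()) if v == "1"]
    if any(s in ("all-interfaces", "public") for s in scopes) and not has_acl:
        findings.append("bound beyond the LAN address with no permit-access ACL")
    return findings
```

Calling audit() on the text of /etc/privoxy/config returns an empty list for the loopback default and one line per problem otherwise.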

#4 2009-07-26 23:03:36

megaman
Member
Registered: 2009-07-11
Posts: 7

Re: [Solved]/etc/privoxy/config

Xyne wrote:

The listen address specifies the interface and the port that the privoxy server will listen to.
127.0.0.1 is localhost, which is only accessible to your system and used for internal applications.
192.168.x.x is the IP address of your network card (eth0 interface) on your local LAN.

If you leave listen-address set to 127.0.0.1:8118 then privoxy can only be accessed internally on your system, i.e. not from the LAN or beyond.
Setting it to 192.168.x.x:8118 will make it accessible to the LAN and maybe even beyond that depending on your firewall and NAT setup.

You can't change it to your firewall box's IP because that is attached to the firewall box's interface which isn't on your system. If you want to access privoxy on your box from the internet, you need to set up port forwarding on your firewall box to redirect incoming requests to the privoxy box.


Maybe this analogy will work:
Privoxy is an employee at McDonald's named Bob. Bob's job is to take customers' orders (http requests), figure out what he's supposed to do with them (the privoxy configs), then come back with the food (web content). If Bob is in the back room then he's useless because the customers can't place their orders so you have to tell Bob where the customers are going to order (the listen-address... yeah, Bob is stupid).

127.0.0.1/localhost is the counter. Only customers already inside the restaurant (apps on your system) can order at the counter. 192.168.x.x is the drive-thru window and anyone can pull up and place an order. If you tell Bob to only work the counter (listen-address 127.0.0.1:8118), then he'll take care of those customers but ignore the drive-thru people. If you tell him to handle the drive-thru (192.168.x.x:8118), then he'll take care of the drive-thru but people in the restaurant will have to go outside and order at the drive-thru window. If you tell Bob to handle everyone (listen-address 8118), then he'll do both. If you tell Bob to handle the customers down the street at Burger King (listen-address <firewall box's IP>), he'll just look at you and say "lolwut?".

You can also think of the port (8118) as which register at the counter or which drive-thru window Bob should handle (there are 65535 of them... it's a big McD's).


*edit*
Btw, setting up port-forwarding with your firewall would be telling Dave (the firewall) down at Burger King (the firewall box) that every time someone comes in and orders a Big Mac (privoxy request from the internet), Dave needs to sneak out the back door (the local LAN), run over to McDonald's (the privoxy box) and place his order with Bob (privoxy), then run back with it and hand it over to the customer. Bob needs to know that he's supposed to serve Dave (listen-address 8118 or listen-address 192.168.x.x:8118) and Dave needs to know where to go (the port forwarding).


Yeah, I know this is long, but I actually enjoyed the analogy. Overclarification is better than underclarification imo.

I see, considering all that I do with computers I don't know why I didn't see this right away. Yes, I will surely not be putting that on the firewall box. I guess I was thinking of it wrongly in terms of, maybe I would just be able to have all TCP go through Tor without having to torify specific applications. But this is not really the case. Your clarification surely helped me and should help anyone who comes here looking for info on that file. I used to always copy and paste my old config files; after a while I forget what's going on inside them. Now I have a solid understanding of this. Thanks.

**Reading back over this before I submit, I lol'd at what the hell I was thinking. Put firewall IP as listen address :)

Offline
