Privoxy -> Tor Does Not Go Through Tor on Ubuntu 20.04

wanwandrew asked:

It is quite the simple setup, as one could imagine, yet it seems that I am having trouble getting Privoxy to talk to Tor. The setup is running Ubuntu 20.04 with the latest packages for tor, privoxy, and squid, whereas the computer I am browsing from is on the same local network. I am able to access error pages for squid and privoxy, as well as privoxy’s configuration page, so there is no error between those two…

Here is my Privoxy configuration file:

user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
filterfile default.filter
filterfile user.filter      # User customizations
logfile logfile
debug  4096 # Startup banner and warnings
debug  8192 # Non-fatal errors
listen-address  127.0.0.1:8118
listen-address  [::1]:8118
toggle  1
enable-remote-toggle  0
enable-remote-http-toggle  0
enable-edit-actions 0
enforce-blocks 1
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward-socks4a / 127.0.0.1:9050
foward-socks4 / 127.0.0.1:9050
forward-sock5 / 127.0.0.1:9050
forward-socks5t / 127.0.0.1:9050
forwarded-connect-retries  0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300

I have tried editing the forward lines to include a trailing dot, and that does not work either.

Here, then, is my tor configuration file:
(HTTPTunnelPort has been added and does not affect the situation.)

SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
SocksPolicy accept 192.168.1.0/24
SocksPolicy accept 127.0.0.1
SocksPolicy reject *
SocksBindAddress 127.0.0.1
SocksListenAddress 127.0.0.1
RunAsDaemon 1
OutboundBindAddress 192.168.1.3
HTTPTunnelPort 9050

From the Ubuntu machine, for a short period of time, I was able to use wget to reach api.ipify.org and request my IP, which was different from my usual IP, thus signifying that tor was indeed working. However, I cannot reproduce this, and I suspect that my request was not being routed through privoxy. (Though I do not have proof of this either.)

Here is my ufw rules list. Pardon the mess.

To                         Action      From
--                         ------      ----
192.168.1.3 3128/tcp       ALLOW IN    192.168.1.0/24
3128/tcp                   ALLOW IN    192.168.1.0/24
192.168.1.0/24 67/udp      ALLOW IN    Anywhere
22/tcp                     ALLOW IN    192.168.1.0/24
53/udp                     ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
192.168.1.3 80/tcp         ALLOW IN    Anywhere
192.168.1.3 443/tcp        ALLOW IN    Anywhere
23728/udp                  ALLOW IN    Anywhere
40036/udp                  ALLOW IN    Anywhere
23728/tcp                  ALLOW IN    Anywhere
40036/tcp                  ALLOW IN    Anywhere
9050/tcp                   ALLOW IN    127.0.0.1
9050/tcp                   ALLOW IN    Anywhere
53/udp (v6)                ALLOW IN    Anywhere (v6)
25/tcp (v6)                ALLOW IN    Anywhere (v6)
23728/udp (v6)             ALLOW IN    Anywhere (v6)
40036/udp (v6)             ALLOW IN    Anywhere (v6)
23728/tcp (v6)             ALLOW IN    Anywhere (v6)
40036/tcp (v6)             ALLOW IN    Anywhere (v6)
9050/tcp (v6)              ALLOW IN    Anywhere (v6)

192.168.1.3 8118/tcp       ALLOW OUT   192.168.1.3 3128/tcp
53/udp                     ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
25/tcp                     ALLOW OUT   Anywhere
40036/udp                  ALLOW OUT   Anywhere
23728/udp                  ALLOW OUT   Anywhere
23728/tcp                  ALLOW OUT   Anywhere
40036/tcp                  ALLOW OUT   Anywhere
123/udp                    ALLOW OUT   Anywhere
192.168.1.3 9050/tcp       ALLOW OUT   192.168.1.3 8118/tcp
9050/tcp                   ALLOW OUT   Anywhere
53/udp (v6)                ALLOW OUT   Anywhere (v6)
80/tcp (v6)                ALLOW OUT   Anywhere (v6)
443/tcp (v6)               ALLOW OUT   Anywhere (v6)
25/tcp (v6)                ALLOW OUT   Anywhere (v6)
40036/udp (v6)             ALLOW OUT   Anywhere (v6)
23728/udp (v6)             ALLOW OUT   Anywhere (v6)
23728/tcp (v6)             ALLOW OUT   Anywhere (v6)
40036/tcp (v6)             ALLOW OUT   Anywhere (v6)
123/udp (v6)               ALLOW OUT   Anywhere (v6)
9050/tcp (v6)              ALLOW OUT   Anywhere (v6)

Can anybody tell me where I went wrong with my setup, aside from redundant firewall rules?

My answer:


There is a mistake in your privoxy config:

forward-socks4a / 127.0.0.1:9050
foward-socks4 / 127.0.0.1:9050
forward-sock5 / 127.0.0.1:9050
forward-socks5t / 127.0.0.1:9050

For using Tor, only forward-socks5t should be used. The comments in the configuration file also told you this, but you seem to have deleted them. Delete the other three lines.

You should also only use https://check.torproject.org/ to check whether you are using Tor.


View the full question and any other answers on Server Fault.
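
The check described in the answer, as an added example that is not part of the original question or answer and is not Privoxy's own code: a small linter for the forwarding lines of a Privoxy config. It flags misspelled `forward-*` directives, SOCKS forwarders other than `forward-socks5t`, repeated target patterns, and lines that lack the third `http_parent` field from the Privoxy user manual's syntax (`.` meaning no HTTP parent). The function name and both sample strings are constructed here; the first sample copies the four forward lines from the question.

```python
import difflib

SOCKS_DIRECTIVES = {"forward-socks4", "forward-socks4a", "forward-socks5", "forward-socks5t"}
KNOWN = SOCKS_DIRECTIVES | {"forward", "forwarded-connect-retries"}

def lint_forwarding(config_text):
    """Return (line_no, message) findings for the forwarding lines of a Privoxy config."""
    findings, seen = [], {}
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        if directive not in KNOWN:
            # Only report unknown directives that look like a mistyped forwarder.
            guess = difflib.get_close_matches(directive, sorted(KNOWN), n=1, cutoff=0.8)
            if guess:
                findings.append((no, f"unknown directive '{directive}', did you mean '{guess[0]}'?"))
            continue
        if directive not in SOCKS_DIRECTIVES:
            continue
        if len(args) != 3:
            findings.append((no, f"{directive} expects 3 fields: "
                                 "target_pattern socks_proxy http_parent ('.' for none)"))
        if directive != "forward-socks5t":
            findings.append((no, f"{directive} used; for Tor keep only forward-socks5t"))
        pattern = args[0] if args else ""
        if pattern in seen:
            findings.append((no, f"pattern '{pattern}' already forwarded on line {seen[pattern]}"))
        seen.setdefault(pattern, no)
    return findings

# The four forward lines exactly as posted in the question.
PAGE_FORWARD_LINES = """\
forward-socks4a / 127.0.0.1:9050
foward-socks4 / 127.0.0.1:9050
forward-sock5 / 127.0.0.1:9050
forward-socks5t / 127.0.0.1:9050
"""

# Constructed corrected form: the single line the answer keeps, with the
# documented third field added (assumption: no HTTP parent proxy, hence '.').
CORRECTED = "forward-socks5t / 127.0.0.1:9050 .\n"

if __name__ == "__main__":
    for no, msg in lint_forwarding(PAGE_FORWARD_LINES):
        print(f"line {no}: {msg}")
    print("corrected config findings:", lint_forwarding(CORRECTED))
```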

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.