said by jp10558 :

What is the actual problem? I use Outpost Pro, and previously Sygate without issue with TOR and Privoxy. Just let the "chain" work - should be as simple as allow internet access + allow server on a few pop-up dialogs from the firewall.

said by KahunaNui :

Thanks! Sorry, I haven't been able to check back as often as i'd like to.

Well, more concerned about the Zywall. But it seems default settings allow everything to work just fine. Since you mentioned the software firewall apps, wondering if i should grant Zone Alarm Server rights to TOR and/or Privoxy? When I do it opens up more ports: 22 SSH, 80 HTTP, 443 HTTPS, and 113 IDENT shows up as "closed". As it is, only port 22 (SSH) is open.

1. Am i at risk with these open ports?
2. Seems like running as Server would increase speed by allowing Privoxy more to work with?

Thanks again!

said by jp10558 :

Interesting. While i've used many versions the only version that didn't give me headaches was the original 1.0 Pro! Of course that doesn't work with XP, so when and if i ever decide to use XP (using W2KPro now) i'll have to look into another soft firewall. I tend to lean towards Sygate or Outpost, the ones you mentioned.

Not sure about this.

Sorry, i'm not sure what you mean by "outside adapters" and "outside server permission". As far as using two firewalls, i use a hardware firewall w/router (Zywall2) and the ZA Pro version 1 (software).

I'd like to again thank you for your time.

said by KahunaNui :

Well, I may not have been perfectly clear. Basically there are logical and physical network adapters. On most PCs there is only one physical network adapter. (laptops often have 2, one wireless, one ethernet).

However, each adapter will have at least one "virtual" adapter - this is mostly a thought construct to help understand how things work, and isn't technically true... This "virtual" adapter will be the loopback adapter. This may be the same accross all physical adapters on a PC, I'm not sure, and for our purposes doesn't matter.

Various software can use the loopback adapter (namely localhost or 127.0.0.1) as if it was a remote system - TOR *and* Privoxy do this. So, some firewalls (Outpost) treat the loopback adapter as if it IS a remote server, needing it's own permissions and applications need "server" access to accept "outside" connections on this adapter. Others (Sygate, Windows Firewall) do not, and hence no special permissions are necessary.

What I'm getting at is Sygate and the Windows firewall leave a hole there, because *if* you use something like Privoxy, those firewalls do not look at what is directing that proxy internally.

With Outpost, you have to allow programs to access the local proxy, allow the local proxy program permission to act as a proxy server, and allow the local proxy outgoing permission. With TOR next, you have to do the same thing, moving Privoxy from local proxy to program in the chain.

However, you *do not* have to allow privoxy to be a server to any IP but 127.0.0.1, and this is the secure thing to do. You also *do not* have to allow privoxy to have network access to anything but 127.0.0.1 - but this would limit privoxy from working through anything but TOR or another local proxy. You may or may not want to do this.

TOR however has to be allowed to accept connection from the TOR network to work properly, so it needs to be a server to the "real" world also.

Your problem is likely misconfiguring the software firewall, and not forwarding ports/allowing incoming connections to TOR in the hardware firewall.
--
Opera 8.5(Build 7700); Windows XP Pro SP2;Athlon 64 3400+; 1GB PC3200 DDR; 1M/128k DSL; NOD32(Version 2.5.25); Outpost Pro 3;Proxomitron 4.5j Grypen 10/25/05(Opera mod),GPG ID:0x0A1C6EE3