diff --git a/doc/tor.1.in b/doc/tor.1.in index d1be79619f..e8b4678ece 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -88,12 +88,13 @@ Windows since that platform lacks getrlimit(). (Default: 1000) .LP .TP \fBControlPort \fR\fIPort\fP -If set, Tor will accept connections on -this port (Usually: 9051), and allow those connections to control the Tor process using the -Tor Control Protocol (described in control-spec.txt). Note: unless you also -specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP, -setting this option will cause Tor to allow any process on the local host to -control it. This option is required if you would like to use Tor with \fBdns-proxy-tor\fP. +If set, Tor will accept connections on this port and allow those +connections to control the Tor process using the Tor Control Protocol +(described in control-spec.txt). Note: unless you also specify one of +\fBHashedControlPassword\fP or \fBCookieAuthentication\fP, setting +this option will cause Tor to allow any process on the local host to +control it. This option is required for many Tor controllers; most use +the value of 9051. .LP .TP \fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP @@ -527,12 +528,13 @@ When a controller asks for a virtual (unused) address with the 'MAPADDRESS' command, Tor picks an unassigned address from this range. (Default: 127.192.0.0/10) -When using \fBdns-proxy-tor\fP to answer queries over a network you'll -want to change this address to "10.192.0.0/10" or "172.16.0.0/12". -The default \fBVirtualAddrNetwork \fR\fIAddress\fB address range on a +When providing proxy server service to a larger using a tool like +dns-proxy-tor, +change this address to "10.192.0.0/10" or "172.16.0.0/12". +The default \fBVirtualAddrNetwork\fP address range on a properly configured machine will route to the loopback interface. -For local use \fBdns-proxy-tor\fP doesn't require a change to the -default \fBVirtualAddrNetwork \fR\fIAddress\fB setting. +For local use, no change to the +default \fBVirtualAddrNetwork\fP setting is needed. .LP .TP \fBAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP @@ -552,23 +554,36 @@ building slower. .LP .TP \fBTransPort\fP \fR\fIPORT\fP -Enable transparent proxy support on \fR\fIPORT\fP (Usually: 9040). -This is required to enable support for \fBdns-proxy-tor\fP. -ControlPort must be set when using \fBTransPort\fP. If you're planning +If non-zero, enables transparent proxy support on \fR\fIPORT\fP (by +convention, 9040). +.\" This is required to enable support for \fBdns-proxy-tor\fP. +.\" ControlPort must be set when using \fBTransPort\fP. +Requires OS support for transparent proxies, such as BSDs' pf or +Linux's IPTables. +If you're planning to use Tor as a transparent proxy for a network, you'll want to examine and change VirtualAddrNetwork from the default setting. You'll also want to set the TransListenAddress option for the network you'd like to proxy. +(Default: 0). .LP .TP -\fBTransListenAddress\fP \fR\fIAddress\fB/\fIbits\fP -Optionally listen on \fR\fIAddress\fB/\fIbits\fP as a transparent proxy -server. This is useful for exporting a transparent proxy server +\fBTransListenAddress\fP \fR\fIIP\fR[:\fIPORT\fR]\fP +Bind to this address to listen for transparent proxy connections. +(Default: 127.0.0.1). +This is useful for exporting a transparent proxy server to an entire network. .LP .TP -\fBNatdPort\fP \fR\fIPORT\fP -This option allows users of ipfw (FreeBSD, etc) to send connections through tor in a manner -similar to the TransPort. This option is only for people who cannot use TransPort. +\fBNATDPort\fP \fR\fIPORT\fP +Allow old versions of ipwf (as included in old versions of FreeBSD, +etc.) to send connections through Tor using the NATD protocol. +This option is only for people who cannot +use TransPort. +.LP +.TP +\fBNATDListenAddress\fP \fR\fIIP\fR[:\fIPORT\fR]\fP +Bind to this address to listen for NATD connections. +(Default: 127.0.0.1). .LP .TP .SH SERVER OPTIONS