Re: Yet another UDP / DNS question...
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Yet another UDP / DNS question...
- From: tagnaq <tagnaq@xxxxxxxxx>
- Date: Sun, 13 Feb 2011 00:32:55 +0100
- In-reply-to: <1297485037.4789.1.camel@HAL9000>
- References: <1297485037.4789.1.camel@HAL9000>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 02/12/2011 05:30 AM, Tomasz Moskal wrote:
> I was reading Transparently Routing Traffic Through Tor
> <https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy>
> and although I don't need to run Tor as a transparent proxy I like the
> idea of routing the UDP/DNS requests to localhost. If I reroute
> all those requests with iptables to the port on which Tor is
> listening I should have no problems with DNS leaking, right?
Yes, if you redirect DNS requests to Tor's DNSPort you should be safe
against DNS leaks.
> 3. iptables
>
> iptables -t nat -A OUTPUT -o lo -j RETURN
> iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
> iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
> iptables -A OUTPUT -j REJECT
I guess you are talking about a local setup without a "middlebox"
involved. If my assumption is correct you want to refer to the following
section in the document:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor
As far as I can see, you copied parts of the iptables rules from the
"middlebox" setup in this section:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionandAnonymizingMiddlebox
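An added audit helper, not code from this thread or from the Tor wiki: it scans an iptables ruleset written one command per line (in the order it would be applied) for the properties the answer above relies on, namely that outgoing UDP/53 is redirected, that Tor's own uid is exempted before the redirect, and that the filter OUTPUT chain ends in a catch-all REJECT, and it flags PREROUTING rules as middlebox-only. The ruleset embedded below is a constructed copy of the one quoted in the thread; $TOR_UID and $INT_IF are the post's own variables.

```shell
#!/bin/sh
# Added audit helper (not from the thread): checks a list of iptables
# commands for the properties that make local DNS redirection leak-free.
# Assumes one iptables command per line, in the order they are applied.

# Constructed copy of the ruleset quoted in the thread.
RULES='iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT'

# audit_dns_rules RULESET: prints one finding per line, returns 0 when no leak is found.
audit_dns_rules() {
    rules=$1
    status=0
    # 1. Locally generated UDP/53 must be redirected to the local port.
    if printf '%s\n' "$rules" | grep -Eq -- '-t nat -A OUTPUT .*-p udp --dport 53 -j REDIRECT'; then
        echo "ok: nat OUTPUT redirects UDP/53 to the local resolver port"
    else
        echo "LEAK: no nat OUTPUT rule redirects UDP/53"; status=1
    fi
    # 2. Tor's own traffic must be exempted before the redirect, otherwise
    #    its packets would be looped back into the redirect as well.
    ret=$(printf '%s\n' "$rules" | grep -n -- '-t nat -A OUTPUT -m owner --uid-owner' | head -n 1 | cut -d: -f1)
    red=$(printf '%s\n' "$rules" | grep -n -- '-t nat -A OUTPUT .*-j REDIRECT' | head -n 1 | cut -d: -f1)
    if [ -n "$ret" ] && [ -n "$red" ] && [ "$ret" -lt "$red" ]; then
        echo "ok: Tor uid is exempted before the redirect"
    else
        echo "WARN: Tor uid RETURN missing or placed after the REDIRECT"; status=1
    fi
    # 3. filter OUTPUT must end with a catch-all REJECT/DROP so anything not
    #    handled above (for example TCP/53) cannot leave without Tor.
    if printf '%s\n' "$rules" | tail -n 1 | grep -Eq '^iptables -A OUTPUT -j (REJECT|DROP)$'; then
        echo "ok: filter OUTPUT ends with a catch-all REJECT/DROP"
    else
        echo "LEAK: last OUTPUT rule is not a catch-all REJECT/DROP"; status=1
    fi
    # 4. PREROUTING only sees traffic arriving from other hosts: these rules
    #    belong to the middlebox setup and do nothing on a single host.
    n=$(printf '%s\n' "$rules" | grep -c -- '-A PREROUTING' || true)
    [ "$n" -gt 0 ] && echo "note: $n PREROUTING rule(s) are middlebox-only and unused on a single host"
    return $status
}

audit_dns_rules "$RULES"
```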