Re: Transparently anonymizing traffic iptables problem
On Mon, 9 Feb 2009 19:42:03 +0000
unknown <unknown@xxxxxxxxx> wrote:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy :
>
> [quote]
>
> 2.1. Transparently anonymizing traffic for a specific user
>
> [code]
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
>
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
>
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
> [/code]
>
> [/quote]
>
> But the last iptables rule will not work anymore.
>
> Iptables warning:
>
> [quote]
> The "nat" table is not intended for filtering, hence the use of DROP is deprecated and will permanently be disabled in the next iptables release. Please adjust your scripts.
> [/quote]
>
> What's a better iptables rule for a *specific* user?
>
Is it right, instead of DROP, to change the destination of all packets for all ports and protocols from the specific user to localhost, to block what Tor or Privoxy can't accept?
iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DNAT --to-destination 127.0.0.1
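The following script is an added example, not part of the original post or the Tor wiki page. It keeps the two REDIRECT rules in the nat table (where rewriting belongs) and moves the final DROP into the filter table, which is the table iptables intends for filtering and where the deprecation warning does not apply. The filter rules first ACCEPT only the redirected traffic to the local TransPort and DNSPort, then DROP everything else the user sends, so nothing from that user can leave the host outside Tor. The user name "anonymous", TransPort 9040 and DNSPort 53 are taken from the quoted wiki rules; IPT defaults to a dry run that prints the commands so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example: per-user Tor transparent proxying with the DROP in the
# filter table instead of the nat table.
# Assumed settings (from the quoted wiki rules): user "anonymous",
# Tor TransPort 9040 and DNSPort 53 on localhost.

TOR_USER=${TOR_USER:-anonymous}
TRANS_PORT=${TRANS_PORT:-9040}
DNS_PORT=${DNS_PORT:-53}

# IPT defaults to a dry run that only prints the commands.
# Run with IPT=iptables (as root) or "--apply" to install the rules.
IPT=${IPT:-"echo iptables"}

tor_user_rules() {
    # nat table: rewrite destinations only, no filtering here.
    # New TCP connections from the user go to Tor's TransPort.
    $IPT -t nat -A OUTPUT -p tcp -m owner --uid-owner "$TOR_USER" -m tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"
    # DNS lookups from the user go to Tor's DNSPort.
    $IPT -t nat -A OUTPUT -p udp -m owner --uid-owner "$TOR_USER" -m udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"

    # filter table: the nat OUTPUT chain runs first, so by the time these
    # rules are evaluated the redirected packets already carry the loopback
    # destination and the Tor port. Accept exactly those, drop the rest.
    $IPT -t filter -A OUTPUT -o lo -p tcp -m owner --uid-owner "$TOR_USER" -m tcp --dport "$TRANS_PORT" -j ACCEPT
    $IPT -t filter -A OUTPUT -o lo -p udp -m owner --uid-owner "$TOR_USER" -m udp --dport "$DNS_PORT" -j ACCEPT
    $IPT -t filter -A OUTPUT -m owner --uid-owner "$TOR_USER" -j DROP
}

# Print the rule set without touching the kernel (subshell keeps IPT local).
dry_run_rules() {
    ( IPT="echo iptables"; tor_user_rules )
}

# Review helpers: how many rules, and where the DROP lands.
rule_count() {
    dry_run_rules | grep -c '^iptables '
}
nat_drop_count() {
    dry_run_rules | grep -c -- '-t nat .* -j DROP' || true
}
filter_drop_count() {
    dry_run_rules | grep -c -- '-t filter .* -j DROP' || true
}

if [ "${1:-}" = "--apply" ]; then
    IPT=iptables
    tor_user_rules
else
    dry_run_rules
fi
```

Run it with no arguments to see the five commands it would issue; run `sh script.sh --apply` as root to install them. Order matters: the ACCEPT rules are appended before the DROP, and both filter rules match on `-o lo` so the user's traffic is only ever allowed to reach the local Tor ports.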