Re: [tor-bugs] #10582 [Tor]: Please add support for TPROXY for linux in TransProxy

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#10582: Please add support for TPROXY for linux in TransProxy
------------------------+-----------------
     Reporter:  thomo   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------

Comment (by thomo):

 TPROXY only works on a router, it doesn't work on the local machine. You
 still need to use NAT for that. But to test this you do the following:

 Create a rule for a firewall mark for the traffic to lookup a routing
 table.
 ie.
 ip rule add fwmark 16 lookup 10

 add a routing rule for the traffic to the lo device:
 ip route add local default dev lo table 10
 ip -6 route add local default dev lo table 10


 And tell the firewall to mark the packets:

 in ferm:
 domain (ip ip6) {
     table mangle {
        chain PREROUTING {
             CONNMARK restore-mark;
             interface XXXX proto tcp dport (80 443) mod connmark mark 0
 TPROXY on-port 9040 tproxy-mark 10;
             CONNMARK save-mark;
        }
      }
 }

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10582#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs