[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Transparent proxying: automagically add firewall rules



On Mon, 11 Jan 2016 16:43:10 +0000
Rene Bartsch <ml@xxxxxxxxxxxxx> wrote:

> Hi,
> 
> transparent proxying to TOR Hidden Services is a great feature of the 
> TOR daemon when it comes to other applications/protocols than HTTP
> and surfing. It would also be great with privacy appliances (e.g.
> Mailpile using TOR as secure SMTP transport channel).
> 
> John Does have problems with such a setup because of the NAT firewall 
> rules.
> 
> So I suggest the TOR daemon should automagically set the necessary 
> NAT-rules on Windows, Linux and BSD when "TransPort" and 
> "VirtualAddrNetworkIPv[4|6]" are configured in torrc.

This is unlikely to happen because the "sensible automagic thing" will
probably break on various configurations, and more practically, tor
attempts to drop privileges as soon as possible leading it to be unable
to alter or clean up said rules on HUP/exit.

Others are free to disagree, patches will be evaluated if someone
writes them.

Regards,

-- 
Yawning Angel

Attachment: pgppv5tAlaGpl.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev