
[tor-talk] Problem with TransPort etc.



I am trying to route all traffic from one specific user on one machine on
my LAN through Tor, but I am having difficulties. There is probably
something I have neglected to configure.

What is special about my setup is that I run Tor on one of my servers
(debian). I would like to keep doing this. I am aware that my traffic is
flowing in cleartext over my LAN.

On this server, Tor is running fine, with the following in torrc:
TransPort 10.x.x.x:19050
DNSPort 10.x.x.x:19053
VirtualAddrNetwork 10.192.0.0/10

10.x.x.x is that server's address on the LAN. 'netstat' shows that Tor is
listening on these ports.

On my client machine, I have created a user called 'torvm'. I have added
these two iptables rules:
# iptables -A OUTPUT -t nat -p tcp -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19050
# iptables -A OUTPUT -t nat -p udp --dport 53 -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19053

The client is running Ubuntu. I doubt this is relevant at the moment.

Now I test this setup on my client:
$ w3m -dump_head www.sunet.se

What happens is this:

1. The client sends the packets to the server on the correct address and
port. This can be seen from a tcpdump trace [1].

2. I do not get any output from my test command on the client. Without the
iptables rules, I do get the expected output.

3. The Tor log shows a warning message: "getsockopt() failed: Protocol not
available".
I don't know if this is the root of the problem. Googling for this in
relation to Tor did not show anything that seemed relevant.
Nothing relevant shows up in syslog that is not also in Tor's log.

I hope someone here can help me.

I'm using Tor 0.2.3.13-alpha-dev (git-627c37ad6a06e3aa)


// Anders



[1] Trace of tcpdump on the server:
IP client.domain.39585 > server.domain.19053: UDP, length 30
IP server.domain.19053 > client.domain.39585: UDP, length 30
IP client.domain.51077 > server.domain.19053: UDP, length 30
IP server.domain.19053 > client.domain.51077: UDP, length 30
IP server.domain.49591 > gateway.domain.domain: 11116+ PTR? x.x.x.10.in-addr.arpa. (41)
IP client.domain.58550 > server.domain.19053: UDP, length 43
IP server.domain.19053 > client.domain.58550: UDP, length 43
IP gateway.domain.domain > server.domain.49591: 11116* 1/0/0 PTR client.domain. (76)
IP client.domain.35406 > server.domain.19053: UDP, length 43
IP server.domain.19053 > client.domain.35406: UDP, length 43
IP server.domain.55162 > gateway.domain.domain: 33538+ PTR? x.x.x.10.in-addr.arpa. (41)
IP client.domain.41624 > server.domain.19053: UDP, length 30
IP server.domain.19053 > client.domain.41624: UDP, length 46
IP gateway.domain.domain > server.domain.55162: 33538* 1/0/0 PTR gateway.domain. (75)
IP client.domain.46034 > server.domain.19050: Flags [S], seq 3208505086, win 14600, options [mss 1460,sackOK,TS val 4208312 ecr 0,nop,wscale 7], length 0
IP server.domain.19050 > client.domain.46034: Flags [S.], seq 1175066879, ack 3208505087, win 5792, options [mss 1460,sackOK,TS val 13096141 ecr 4208312,nop,wscale 4], length 0
IP client.domain.46034 > server.domain.19050: Flags [.], ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 0
IP client.domain.46034 > server.domain.19050: Flags [P.], seq 1:233, ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 232
IP server.domain.19050 > client.domain.46034: Flags [.], ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0
IP server.domain.19050 > client.domain.46034: Flags [R.], seq 1, ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0


[2] Tor log:
[info] evdns_server_callback(): Got a new DNS request!
[info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
[info] evdns_server_callback(): Got a new DNS request!
[info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
[info] evdns_server_callback(): Got a new DNS request!
[info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
[info] evdns_server_callback(): Got a new DNS request!
[info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
[info] evdns_server_callback(): Got a new DNS request!
[debug] connection_add_impl(): new conn type Socks, socket -1, address 10.x.x.x, n_conns 7.
[info] evdns_server_callback(): Passing request for [scrubbed] to rewrite_and_attach.
[debug] connection_ap_handshake_rewrite_and_attach(): Client asked for [scrubbed]:0
[info] addressmap_rewrite(): Addressmap: rewriting [scrubbed] to [scrubbed]
[info] evdns_server_callback(): Passed request for [scrubbed] to rewrite_and_attach_if_allowed.
[debug] conn_read_callback(): socket 53 wants to read.
[debug] connection_handle_listener_read(): Connection accepted on socket 12 (child of fd 53).
[debug] connection_add_impl(): new conn type Socks, socket 12, address 10.x.x.x, n_conns 8.
[debug] connection_ap_process_transparent(): entered.
[warn] getsockopt() failed: Protocol not available
[warn] Fetching original destination failed. Closing.
[debug] conn_close_if_marked(): Cleaning up connection (fd -1).
[debug] connection_remove(): removing socket -1 (type Socks), n_conns now 8
[debug] conn_close_if_marked(): Cleaning up connection (fd 12).
[debug] connection_remove(): removing socket 12 (type Socks), n_conns now 7
[debug] _connection_free(): closing fd 12.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
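Editor's added example (not code from the post above or from Tor itself): what a Linux transparent proxy such as Tor's TransPort does with an accepted connection, and what the "getsockopt() failed: Protocol not available" line in the log means. On Linux the proxy asks the kernel for the pre-DNAT destination with getsockopt(SOL_IP, SO_ORIGINAL_DST); the kernel answers from the conntrack table of the host the query runs on. If no conntrack handler is registered on that host (nf_conntrack not loaded), the call fails with ENOPROTOOPT, whose strerror is exactly "Protocol not available"; if conntrack is loaded but holds no entry for the flow it fails with ENOENT. Either way the lookup can only recover a destination that was rewritten on the same host: a DNAT rule on the client leaves no record on the server, which simply sees a connection to its own 10.x.x.x:19050. The FakeAcceptedSocket, the sample sockaddr bytes and the address 203.0.113.10 (TEST-NET-3) are constructed for this example; the loopback probe in the main block is Linux-specific and exercises the real kernel.

```python
"""How a Linux transparent proxy learns where a DNAT'ed client really wanted
to go: getsockopt(SOL_IP, SO_ORIGINAL_DST) on the accepted socket."""
import errno
import socket
import struct

SOL_IP = 0            # <linux/in.h>
SO_ORIGINAL_DST = 80  # <linux/netfilter_ipv4.h>; answered by the conntrack module

# Why the kernel may refuse: which host did the DNAT matters, not the proxy.
REASONS = {
    errno.ENOPROTOOPT: "no SO_ORIGINAL_DST handler on this host (conntrack not loaded, or not a TCP socket)",
    errno.ENOENT: "conntrack on this host has no entry for the flow, so there is no NAT record to consult",
}


class NoOriginalDestination(Exception):
    """The kernel had no pre-NAT destination for this socket; .errno says why."""

    def __init__(self, err):
        super().__init__("%s: %s" % (errno.errorcode.get(err, err), REASONS.get(err, "unexpected error")))
        self.errno = err


def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in the kernel writes: family (host order),
    port (network order), IPv4 address (network order), 8 bytes of padding."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short: %d bytes" % len(raw))
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("not AF_INET: family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def build_sockaddr_in(ip, port):
    """Inverse of parse_sockaddr_in; used to construct the sample kernel replies below."""
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(ip) + b"\x00" * 8)


def original_destination(conn):
    """Return (ip, port) the peer dialled before DNAT rewrote it.
    `conn` is any object with a socket-style getsockopt(level, optname, buflen)."""
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as e:
        if e.errno in REASONS:
            raise NoOriginalDestination(e.errno) from e
        raise
    return parse_sockaddr_in(raw)


def describe(conn):
    """What a transparent proxy would log (and do) for this connection."""
    try:
        ip, port = original_destination(conn)
    except NoOriginalDestination as e:
        return "cannot fetch original destination, closing (%s)" % e
    return "relay to %s:%d" % (ip, port)


class FakeAcceptedSocket:
    """Stand-in for an accepted socket (constructed for this example) that replays
    one of the three answers the kernel can give."""

    def __init__(self, raw=None, fail_errno=None):
        self.raw, self.fail_errno = raw, fail_errno

    def getsockopt(self, level, optname, buflen=0):
        assert (level, optname) == (SOL_IP, SO_ORIGINAL_DST)
        if self.fail_errno is not None:
            raise OSError(self.fail_errno, errno.errorcode[self.fail_errno])
        return self.raw[:buflen]


def demo():
    """The three cases: DNAT done on this host, no conntrack handler, no conntrack entry."""
    cases = {
        "dnat_on_this_host": FakeAcceptedSocket(raw=build_sockaddr_in("203.0.113.10", 80)),
        "conntrack_not_loaded": FakeAcceptedSocket(fail_errno=errno.ENOPROTOOPT),
        "no_conntrack_entry": FakeAcceptedSocket(fail_errno=errno.ENOENT),
    }
    return {name: describe(sock) for name, sock in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-22s %s" % (name, outcome))
    # Real kernel (Linux only): a loopback connection no NAT rule ever touched.
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    accepted, _ = srv.accept()
    try:
        print("loopback, no NAT rule:  %s" % describe(accepted))
    except OSError as e:
        print("loopback, no NAT rule:  getsockopt unsupported here (%s)" % e)
    for s in (accepted, cli, srv):
        s.close()
```

Run it on the Tor server and the loopback probe shows the same failure the log reports whenever conntrack is not loaded; with conntrack loaded it returns the plain 127.0.0.1 destination, because a flow that was never NATed on this host has nothing else to report.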