NatdPort
Hello
Have any FreeBSD or Mac OS X users gotten natd to work with Tor's NatdPort
for transparent proxy? I haven't had any luck. I ask because NatdPort seems
to be the only way to get transparent proxy functionality on OSX, as OSX
lacks openbsd pf.
A log of some testing on OS X Leopard is included below.
I created a new dummy user called 'toruser', and added this divert rule:
ipfw add 20 divert 9999 tcp from any to any uid toruser
I tried to run natd like this in terminal 1:
natd -p 9999 -v -interface lo0 -proxy_only -proxy_rule type encode_tcp_stream server 127.0.0.1:12345
where 9999 is the divert port and 127.0.0.1:12345 is the NatdPort listener
(although in this case I'm using netcat for testing).
I ran this in terminal 2:
nc -vv -l 12345
Then I did this in terminal 3:
sudo -u toruser telnet 123.123.123.123
Natd printed this:
natd[13353]: Aliasing to 127.0.0.1, mtu 16384 bytes
Out [TCP] [TCP] 192.168.0.153:62682 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62682 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
Out [TCP] [TCP] 192.168.0.153:62683 -> 123.123.123.123:23 aliased to
[TCP] 127.0.0.1:62683 -> 127.0.0.1:12345
....
So natd sees something and tries to send it to the listener. But netcat
never picks up the connection attempt.
I tried again with tcpdump on (italk is port 12345):
$ sudo tcpdump -i lo0 tcp and port 12345
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
22:47:41.892728 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 164238483 0,sackOK,eol>
22:47:42.847447 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 164238492 0,sackOK,eol>
22:47:43.863728 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 164238502 0,sackOK,eol>
22:47:44.878329 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:47:45.893080 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:47:46.907372 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:47:48.937066 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:47:52.994428 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:48:01.110250 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
If I read this right, tcpdump shows that SYN packets are sent,
but where's the SYN/ACK, etc., to complete the handshake? I assume
there's something wrong with the firewall rule or the natd cmd line.
Any ideas?
--
Christopher Davis
Mangrin Remailer Admin
PGP: 0x0F8DA163
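As an added diagnostic, not part of the original post, here is a small Python parser for the old-style tcpdump output quoted above. It groups handshake packets per flow and reports flows that sent SYNs but never received a SYN/ACK, which is exactly the half-open pattern in the capture. The sample lines are constructed: they mirror the post's capture plus one completed handshake for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in old tcpdump syntax: three SYN retransmits with no reply
# (as in the post) and one constructed completed handshake for comparison.
SAMPLE = """\
22:47:41.892728 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 164238483 0,sackOK,eol>
22:47:42.847447 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 164238492 0,sackOK,eol>
22:47:43.863728 IP localhost.62693 > localhost.italk: S 2126515082:2126515082(0) win 65535 <mss 1460,sackOK,eol>
22:50:01.000001 IP localhost.62700 > localhost.italk: S 1000:1000(0) win 65535 <mss 1460,sackOK,eol>
22:50:01.000200 IP localhost.italk > localhost.62700: S 2000:2000(0) ack 1001 win 65535 <mss 1460,sackOK,eol>
22:50:01.000300 IP localhost.62700 > localhost.italk: . ack 1 win 65535
"""

# Old tcpdump line shape: "<ts> IP <src> > <dst>: <flags> <seq:seq(len)> [ack N] win ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[^\s:]+) > (?P<dst>[^\s:]+): "
    r"(?P<flags>\S+) (?P<rest>.*)$"
)
SYNACK_RE = re.compile(r"\d+:\d+\(\d+\) ack \d+")


def classify_handshakes(text):
    """Count SYNs and SYN/ACKs per (client, server) flow.

    In old tcpdump output both packets carry flags 'S'; a SYN/ACK is told
    apart by the 'ack N' field that follows the sequence range.
    """
    flows = defaultdict(lambda: {"syn": 0, "synack": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("flags") != "S":
            continue  # not a handshake packet (e.g. '.' ack, or unparsable)
        if SYNACK_RE.match(m.group("rest")):
            # reply travels server -> client; key it from the client's side
            flows[(m.group("dst"), m.group("src"))]["synack"] += 1
        else:
            flows[(m.group("src"), m.group("dst"))]["syn"] += 1
    return dict(flows)


def half_open_flows(text):
    """Flows that sent at least one SYN and never saw a SYN/ACK come back."""
    flows = classify_handshakes(text)
    return sorted(k for k, v in flows.items() if v["syn"] and not v["synack"])


if __name__ == "__main__":
    for (client, server), v in classify_handshakes(SAMPLE).items():
        state = "completed" if v["synack"] else "half-open (no SYN/ACK)"
        print(f"{client} -> {server}: {v['syn']} SYN(s), {state}")
```

Run against a saved `tcpdump -i lo0 tcp and port 12345` capture, a flow listed as half-open confirms the diverted packets reach the listener port but nothing answers them, which narrows the fault to the natd/divert side rather than to netcat.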