[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor TransparentProxy with iptables breaks connections ?

Hello again :)

At https://ruggedinbox.com we are running a 'standard' email server, using postfix, dovecot, and so on ..

The server is also able to receive and send emails to the onionland, thanks to Tor providing DNS resolution for onion addresses and 'unbound' for the clearnet.

As you may know, the full setup needs some iptables magic, as documented in:

so we run the following rules:
1. iptables -t nat -A OUTPUT -p tcp -d -j REDIRECT --to-ports 9040
2. iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
3. iptables -A OUTPUT ! -o lo ! -d ! -s -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP 4. iptables -A OUTPUT ! -o lo ! -d ! -s -p tcp -m tcp --tcp-flags ACK,RST ACK,RST -j DROP

but it looks like the third rule breaks connections: the mail client timeouts while checking POP mailboxes, randomly but very often.

Do you think that is safe to discard the third and forth rules ?
And if not, do you have other suggestions to be safe and prevent leaks ?

Thank you very much for supporting,
we look forward to publish all ruggedinbox's configuration as soon as everything works ok
(and perhaps a 'ruggedinbox distro')
in order to have a starting base on which discuss and request for comments, which will help people to build their private email server, secure, spam-resistant and Tor-aware :)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to