[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor TransparentProxy with iptables breaks connections ?
Hello again :)
At https://ruggedinbox.com we are running a 'standard' email server,
using postfix, dovecot, and so on ..
The server is also able to receive and send emails to the onionland,
thanks to Tor providing DNS resolution for onion addresses and 'unbound'
for the clearnet.
As you may know, the full setup needs some iptables magic, as documented
so we run the following rules:
1. iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT
2. iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
3. iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m
tcp --tcp-flags ACK,FIN ACK,FIN -j DROP
4. iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m
tcp --tcp-flags ACK,RST ACK,RST -j DROP
but it looks like the third rule breaks connections: the mail client
timeouts while checking POP mailboxes, randomly but very often.
Do you think that is safe to discard the third and forth rules ?
And if not, do you have other suggestions to be safe and prevent leaks ?
Thank you very much for supporting,
we look forward to publish all ruggedinbox's configuration as soon as
everything works ok
(and perhaps a 'ruggedinbox distro')
in order to have a starting base on which discuss and request for
which will help people to build their private email server, secure,
spam-resistant and Tor-aware :)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to