[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor TransparentProxy with iptables breaks connections ?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Tor TransparentProxy with iptables breaks connections ?
From: ml@xxxxxxxxxxxxxxx
Date: Sat, 23 Aug 2014 18:36:35 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 23 Aug 2014 14:37:18 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello again :)

At https://ruggedinbox.com we are running a 'standard' email server,using postfix, dovecot, and so on ..

The server is also able to receive and send emails to the onionland,thanks to Tor providing DNS resolution for onion addresses and 'unbound'for the clearnet.

As you may know, the full setup needs some iptables magic, as documentedin:

https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
https://lists.torproject.org/pipermail/tor-talk/2014-March/032503.html
https://lists.torproject.org/pipermail/tor-talk/2014-March/032507.html

so we run the following rules:

1. iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT--to-ports 9040

2. iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP

3. iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -mtcp --tcp-flags ACK,FIN ACK,FIN -j DROP4. iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -mtcp --tcp-flags ACK,RST ACK,RST -j DROP

but it looks like the third rule breaks connections: the mail clienttimeouts while checking POP mailboxes, randomly but very often.



Do you think that is safe to discard the third and forth rules ?
And if not, do you have other suggestions to be safe and prevent leaks ?


Thank you very much for supporting,

we look forward to publish all ruggedinbox's configuration as soon aseverything works ok

(and perhaps a 'ruggedinbox distro')

in order to have a starting base on which discuss and request forcomments,which will help people to build their private email server, secure,spam-resistant and Tor-aware :)

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor TransparentProxy with iptables breaks connections ?
  - From: elrippo

Prev by Author: Re: [tor-talk] Three questions
Next by Author: Re: [tor-talk] Tor TransparentProxy with iptables breaks connections ?
Previous by thread: Re: [tor-talk] Hiding the presence of hidden services
Next by thread: Re: [tor-talk] Tor TransparentProxy with iptables breaks connections ?
Index(es):
- Author
- Thread