[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Yet another UDP / DNS quiestion...

To: or-talk@xxxxxxxxxxxxx
Subject: Yet another UDP / DNS quiestion...
From: Tomasz Moskal <ramshackle.industries@xxxxxxxxx>
Date: Sat, 12 Feb 2011 04:30:37 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 11 Feb 2011 23:30:49 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:subject:from:to:content-type:date:message-id :mime-version:x-mailer; bh=0s61c79IbMuAtXskABoe/lBaJ+D2HAKKPKWTcivtJY0=; b=N/jAs/xtNwOooetjMSwjkgLuQoj5CvhohTmYg21lly+PM6FM4XTVa+lbOcl4w320kX eB27aqJSGIFjnPnrx0Jue5Ce/GU/OeA7wLci9/6Iktl12sMSwOchi3gnbRVgrvAuMUOL ha7dsb2ad8eVh5qZUvyo2PCWSUJncSJTLbVaU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:content-type:date:message-id:mime-version:x-mailer; b=A3dEdLsCqUzZyw87f+savGEnrK8D1N3jZHVdvfNeRM8e2LNQmiIeKzpl4yPD1wZuca ev3hmwb+W4wbiSVyxDNRO/CU4U3wIJoSSXhztDMFOcnP+N+FZLHgERjoTGFLNcbINWw3 /cPt44H/RJbDgOrU12RqO+BcQy6x6FbQIOV5E=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

I feel that I should explain something before I start asking any
questions so here we go: I'm a fresh convert to Linux (barely few week
on Ubuntu!) and as much as I'm fascinated by the matters relating to
networking, security and anonymity in equal measure I'm intimidated by
them. I don't posses any deep knowledge of those topics, I still barely
can handle the basics. But with the wealth of knowledge out there and a
healthy dose of experimentation I intend to change this. So if my
questions are naive (or plainly stupid) please bear in mind that I'm new
here. And now for what is bordering me...

I was reading Transparently Routing Traffic Through Tor
<https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy> and although I don't need to run Tor as transparent proxy I like the idea of routing the UDP/DNS requests to localhost. If I will reroute all those requests with iptables to the port on which Tor is listening I should have no problems with DNS leaking, right? That should do the trick then:

1. torrc

DNSPort 53
DNSListenAddress 127.0.0.1

2. resolv.conf

nameserver 127.0.0.1

3. iptables

iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT
--to-ports 53
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT

I'm not an expert regarding iptables and 'man iptables' is *very*
frightening for someone who barely slides on the surface of all this.
From steep three above I sort of understand purpose of rules three and
four but rest of them... Are they needed in this example or they can be
safely omitted? If in fact they are required for this set-up to work
what is their purpose? I will of course replace $INT_IF and $TOR_UID
with required values.

--
Tomasz Moskal <ramshackle.industries@xxxxxxxxx>
Encrypted mail preferred. Key ID: 2C323C82

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: Yet another UDP / DNS quiestion...
  - From: tagnaq

Prev by Author: Re: Tor raid [was: "cease and desist" from my vps provider...]
Next by Author: Re: Yet another UDP / DNS quiestion...
Previous by thread: Re: Macports tor broken?
Next by thread: Re: Yet another UDP / DNS quiestion...
Index(es):
- Author
- Thread