
Re: Yet another UDP / DNS question...

On 02/13/2011 03:20 PM, Tomasz Moskal wrote:
> Do I have to use AutomapHostsOnResolve 1 as well? Seems to be pointless
> without defining AutomapHostsSuffixes.

No, it is not pointless, because even if you do not set
AutomapHostsSuffixes in your config, ".exit" and ".onion" are
AutomapHostsSuffixes by default.

> One more question: will those rules route all UDP traffic to port 53 or
> just DNS requests? What will happen with UDP not relating to DNS?

The UDP rules in the LocalRedirectionThroughTor section redirect only
UDP packets with destination port 53 (usually DNS requests) to the
DNSPort. All other outgoing UDP traffic is blocked/rejected by the last
rule:
iptables -A OUTPUT -j REJECT

The penultimate rule:
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
would allow any program running as $TOR_UID to send UDP traffic.

I would suggest adding -p tcp to that rule.

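The OUTPUT-chain rule set the mail describes, with the suggested "-p tcp" restriction on the Tor uid rule, written out as an added example. This is not the original poster's configuration nor the ruleset from the LocalRedirectionThroughTor wiki page; the port numbers (DNSPort 5353, TransPort 9040), the "debian-tor" user with a fallback uid of 109, and the two loopback rules (a nat RETURN so local services are not redirected, and a filter ACCEPT so the redirected packets can reach Tor on lo) are assumptions made here, and the function takes the iptables command as an argument so the rules can be previewed with "echo iptables" before applying them as root.

```shell
#!/bin/sh
# Added example: Tor transparent-proxy OUTPUT rules as discussed in the mail above.
# Not taken from the mail or the wiki page. Assumed values below; adjust to your torrc.
TOR_UID="${TOR_UID:-$(id -u debian-tor 2>/dev/null || echo 109)}"   # assumption: debian-tor or uid 109
DNS_PORT="${DNS_PORT:-5353}"      # assumption: DNSPort 5353 in torrc
TRANS_PORT="${TRANS_PORT:-9040}"  # assumption: TransPort 9040 in torrc

# Emit the rules in evaluation order. $1 is the command to run each rule with:
# "iptables" applies them (needs root), "echo iptables" only prints them.
tor_output_rules() {
    ipt="$1"

    # --- nat table: rewrite destinations before routing ---
    # Tor's own connections to relays must never be redirected back into Tor.
    $ipt -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
    # Assumption: local services on loopback are reachable directly, not via Tor.
    $ipt -t nat -A OUTPUT -o lo -j RETURN
    # Only UDP to port 53 (normally DNS) is redirected, to Tor's DNSPort.
    $ipt -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
    # New TCP connections are redirected to Tor's TransPort.
    $ipt -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

    # --- filter table: what may actually leave the host ---
    # Redirected packets now point at 127.0.0.1, so let loopback traffic through.
    $ipt -A OUTPUT -o lo -j ACCEPT
    # Tor itself may talk to the network, but only over TCP: this is the
    # penultimate rule from the mail with the suggested "-p tcp" added, so a
    # compromised or misconfigured process running as TOR_UID cannot send UDP.
    $ipt -A OUTPUT -m owner --uid-owner "$TOR_UID" -p tcp -j ACCEPT
    # Everything else, including all other UDP, is rejected.
    $ipt -A OUTPUT -j REJECT
}

# Quick self-check on the rule text: the Tor uid rule is TCP-only and REJECT is last.
check_rules() {
    rules="$(tor_output_rules "echo iptables")"
    echo "$rules" | grep -q -e "--uid-owner $TOR_UID -p tcp -j ACCEPT" || return 1
    [ "$(echo "$rules" | tail -n 1)" = "iptables -A OUTPUT -j REJECT" ] || return 1
    return 0
}

case "${1:-preview}" in
    apply) tor_output_rules iptables ;;          # run as root; flush OUTPUT first if needed
    *)     tor_output_rules "echo iptables" ;;   # dry run: just print the rules
esac
```

Run it without arguments to see the rules, and with "apply" as root to install them; the owner match works only in the OUTPUT chain, which is why this is a local-redirection ruleset and not one for forwarding other hosts' traffic.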