Re: [tor-talk] glibc's DNS lookups fail
> On 2012-02-14, douglastskillern@xxxxxxxxxxx
> <douglastskillern@xxxxxxxxxxx> wrote:
>> Hello List,
>>
>> I am experiencing a strange problem for about two weeks or so.
>>
>> I am using GNU/Linux (Debian 6 x86-64) and Tor 0.2.2.35 built from
>> source.
>> I forward all my tcp traffic and udp traffic on port 53 to my tor
>> instance via netfilter.
>
> Are you using the iptables rules shown on
> https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy ?
Yeah, pretty much. I am able to reproduce my problem with a minimal
iptables setup, though.

function stop()
{
    ip6tables -P INPUT ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
    iptables -t nat -D OUTPUT -j MY_ANONYMIZE
    iptables -t nat -F MY_ANONYMIZE
    iptables -t nat -X MY_ANONYMIZE
}

function start()
{
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT DROP
    ip6tables -P FORWARD DROP
    iptables -t nat -N MY_ANONYMIZE
    iptables -t nat -A OUTPUT -j MY_ANONYMIZE
    iptables -t nat -A MY_ANONYMIZE -p udp --destination-port domain -j REDIRECT --to-ports 9031
}

iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.179.0/24 !192.168.179.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MY_ANONYMIZE all -- 0.0.0.0/0 0.0.0.0/0

Chain MY_ANONYMIZE (1 references)
target prot opt source destination
REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 9031

(The POSTROUTING stuff is due to a VM I have running.)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk