
[tor-talk] Skip nat for private traffic with anonymizing middlebox



I run an internal network where I use two virtual machines for hosting
hidden services. I have a gateway and a web server, and the gateway is a
transparent proxy. The gateway is a Linux system using iptables based on
the directions on the Tor wiki for an anonymizing middlebox:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox

These directions have one problem. Traffic from the web server can't
access the gateway's services, such as SSH. I am not familiar enough with
iptables to be completely sure how to bypass these rules for requests to
the private IP of the gateway.

The rules:
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 5642 packets, 323K bytes)
 pkts bytes target     prot opt in     out     source               destination
 6937  483K REDIRECT   udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 redir ports 53
  827 49620 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 redir ports 9040

Chain INPUT (policy ACCEPT 11502 packets, 728K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 43839 packets, 2624K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 45541 packets, 2692K bytes)
 pkts bytes target     prot opt in     out     source               destination

Help would be appreciated so it doesn't redirect traffic going to the
gateway.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
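An added example, not the poster's configuration and not the wiki's own script, of the rule ordering that exempts the gateway's own private address from the two REDIRECT rules shown in the listing: a RETURN for that destination has to be appended before the REDIRECTs, because the nat PREROUTING chain is matched top to bottom. The gateway address 10.0.0.1 and the environment-variable names are assumptions; eth1 and the ports 53 and 9040 come from the listing.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1, install) the anonymizing-middlebox
# nat PREROUTING rules with an exception for the gateway's own private IP.
# Assumed values, not from the original post: GATEWAY_IP is a placeholder.
INT_IF="${INT_IF:-eth1}"              # internal interface facing the web server
GATEWAY_IP="${GATEWAY_IP:-10.0.0.1}"  # assumed private address of the gateway
TRANS_PORT="${TRANS_PORT:-9040}"      # Tor TransPort, as in the listing
DNS_PORT="${DNS_PORT:-53}"            # Tor DNSPort, as in the listing

# Emit the rules in the order they must be installed. The RETURN for traffic
# addressed to the gateway itself comes first, so SSH (or anything else on the
# gateway) is never redirected into Tor; RETURN in a built-in chain falls
# through to the chain's ACCEPT policy. The two REDIRECTs then catch the rest.
middlebox_nat_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $INT_IF -d $GATEWAY_IP -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
EOF
}

# Check that the exception precedes both REDIRECT rules (exit 0 if so).
rules_ok() {
    middlebox_nat_rules | awk '
        /-j RETURN/ && !seen_redirect { seen_return = 1 }
        /-j REDIRECT/ { seen_redirect = 1 }
        END { exit (seen_return && seen_redirect) ? 0 : 1 }'
}

# Only install the rules when explicitly asked (needs root and netfilter);
# otherwise just print them for review.
if [ "${APPLY:-0}" = "1" ]; then
    middlebox_nat_rules | sh -e
else
    middlebox_nat_rules
fi
```

Verify the result afterwards with `iptables -nvL -t nat`: the RETURN line should appear above the two REDIRECT lines, and the counters on it should increase when the web server connects to the gateway.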