On Thu, Mar 10, 2005 at 05:38:59PM -0600, Wes Felter wrote:
> Geoffrey Goodell wrote:
>
> ># reject private networks (no surprises!) My understanding is that you
> ># might want to eliminate the 127.0.0.0/8 line if your kernel
> ># short-circuits connections to local services and if you want those
> ># services to be available to Tor users who happen to choose your Tor
> ># node as an exit... someone please correct me if this is wrong.
>
> I can't imagine why a kernel would rewrite destination addresses that
> way, but it doesn't matter since the kernel sees the packets after they
> come out of Tor. But I could imagine a case where the DNS resolver
> returns 127.0.0.1 when a machine looks up its own hostname (even though
> that doesn't sound like it should happen either).

This has nothing to do with DNS resolution. The point is that some
kernels short-circuit packets destined to IP addresses corresponding to
other interfaces of the machine. If I had such a kernel, and one network
interface configured as 140.247.62.119, then all packets destined to
140.247.62.119 would be short-circuited to the loopback interface. I am
not sure how to characterize which kernels have this "feature" and which
do not.

Geoff
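An added example, not part of the original message: a first-match evaluator for accept/reject exit-policy lines, used to list which of a relay's own interface addresses exit traffic may still reach. The policy text, the listening ports and the helper names are constructed for illustration; only 140.247.62.119 and the 127.0.0.0/8 line come from the thread. It handles IPv4 only and matches on the destination address the exit is asked to connect to, which is why rejecting 127.0.0.0/8 alone does not cover the public interface address.

```python
import ipaddress

# Constructed sample policy: private ranges rejected, web ports allowed.
POLICY = """
reject 127.0.0.0/8:*      # the line discussed in the thread
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 192.168.0.0/16:*
accept *:80
accept *:443
reject *:*
"""
IFACES = ["127.0.0.1", "140.247.62.119"]  # the relay's own addresses
PORTS = [22, 80]                          # constructed: local sshd and httpd

def parse_policy(text):
    """Parse 'accept|reject ADDR[/BITS]:PORT' lines into rule tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        addr, _, port = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = port.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def exit_allowed(rules, ip, port):
    """First matching rule wins. No match counts as accept (assumption of this example)."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return True

def exposed_local_services(rules, iface_ips, ports):
    """(ip, port) pairs on this host that the policy lets exit traffic reach."""
    return sorted((ip, p) for ip in iface_ips for p in ports
                  if exit_allowed(rules, ip, p))

if __name__ == "__main__":
    print(exposed_local_services(parse_policy(POLICY), IFACES, PORTS))
    hardened = parse_policy("reject 140.247.62.119:*\n" + POLICY)
    print(exposed_local_services(hardened, IFACES, PORTS))
```

With the sample policy the relay's own web server on 140.247.62.119:80 is reachable by exit traffic; prepending a reject line for that address closes it.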