
Re: reconsidering default exit policy



On Thu, Mar 10, 2005 at 05:38:59PM -0600, Wes Felter wrote:
> Geoffrey Goodell wrote:
> 
> ># reject private networks (no surprises!)  My understanding is that you
> ># might want to eliminate the 127.0.0.0/8 line if your kernel
> ># short-circuits connections to local services and if you want those
> ># services to be available to Tor users who happen to choose your Tor
> ># node as an exit... someone please correct me if this is wrong.
> 
> I can't imagine why a kernel would rewrite destination addresses that 
> way, but it doesn't matter since the kernel sees the packets after they 
> come out of Tor. But I could imagine a case where the DNS resolver 
> returns 127.0.0.1 when a machine looks up its own hostname (even though 
> that doesn't sound like it should happen either).

This has nothing to do with DNS resolution.  The point is that some
kernels short-circuit packets destined to IP addresses corresponding to
other interfaces of the machine.  If I had such a kernel, and one
network interface configured as 140.247.62.119, then all packets
destined to 140.247.62.119 would be short-circuited to the loopback
interface.

I am not sure how to characterize which kernels have this "feature" and
which do not.

Geoff

Attachment: signature.asc
Description: Digital signature
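
An added example, not part of the original thread: a small audit for an exit operator that checks whether a policy which rejects only private ranges still accepts the node's own interface address (140.247.62.119 in the message above). The policy lines are constructed, first-match evaluation is assumed, and `audit` and `harden` are hypothetical helper names.

```python
import ipaddress

def parse_policy(lines):
    """Parse 'accept|reject ADDR[/MASK]:PORT' lines into (action, network, port) rules."""
    rules = []
    for line in lines:
        action, target = line.split()
        addr, port = target.rsplit(":", 1)
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        rules.append((action, net, port))
    return rules

def port_matches(spec, port):
    """Match '*', a single port, or a 'low-high' range."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, dest_ip, dest_port):
    """First matching rule wins; with no match this sketch rejects (an assumption)."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, port in rules:
        if (net is None or ip in net) and port_matches(port, dest_port):
            return action
    return "reject"

def audit(lines, own_addresses, port=80):
    """Return the node's own addresses that the policy would still let exits reach."""
    rules = parse_policy(lines)
    return [a for a in own_addresses if decide(rules, a, port) == "accept"]

def harden(lines, own_addresses):
    """Prepend a reject rule for every address configured on the node's interfaces."""
    return [f"reject {a}:*" for a in own_addresses] + list(lines)

# Constructed sample policy: rejects loopback and private ranges, accepts the rest.
PRIVATE_ONLY = [
    "reject 0.0.0.0/8:*", "reject 127.0.0.0/8:*", "reject 169.254.0.0/16:*",
    "reject 10.0.0.0/8:*", "reject 172.16.0.0/12:*", "reject 192.168.0.0/16:*",
    "accept *:*",
]
OWN_ADDRESSES = ["140.247.62.119"]  # interface address used in the message above

if __name__ == "__main__":
    print("exposed before:", audit(PRIVATE_ONLY, OWN_ADDRESSES))
    print("exposed after: ", audit(harden(PRIVATE_ONLY, OWN_ADDRESSES), OWN_ADDRESSES))
```
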