Re: Iptables configuration for a transparent proxy for a single user
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Iptables configuration for a transparent proxy for a single user
- From: John Brooks <special@xxxxxxxxxxxxxxxx>
- Date: Thu, 14 May 2009 01:23:43 -0600
Removing '-t nat' from the last rule should do what you need. Only the
first two really need to be in the NAT table (because they are
modifying the traffic, not filtering it).
- John Brooks
On Wed, May 13, 2009 at 11:15 PM, leandro noferini
<lnoferin@xxxxxxxxxxxxxxx> wrote:
> Hello everyone,
>
> the Tor wiki at the address
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy#head-235f10e71909d609c46847c9f91efe8ed5168004
>
> explains the way to apply a transparent proxy for a specific user.
>
> The rules for iptables are
>
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
>
> In my Debian unstable Linux (kernel 2.6.29 and iptables 1.4.3.2-2 from
> package) these rules don't work anymore and this is the message from
> iptables
>
> The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
>
> Does anyone know the changes needed to make it work again?
>
>
> --
> Bye
> leandro
> I don't want to know everything, I want to understand everything
>
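
The change suggested in the reply, written out as an added example that is not part of the thread or the Tor wiki: it flags rules that use a filtering target in the nat table and prints a rule set with the DROP in the filter table. It goes one step beyond the reply: the filter OUTPUT chain is traversed after nat OUTPUT, so the example also prints ACCEPT rules for the redirected ports ahead of the DROP, which is an assumption about the intended policy. The function names are hypothetical; the user `anonymous` and ports 9040 and 53 come from the quoted rules.

```shell
#!/bin/sh
# Added example: only prints and inspects rule text, never calls iptables,
# so it can be run unprivileged.

# The three rules quoted in the thread, verbatim.
original_rules() {
    cat <<'EOF'
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
EOF
}

# Read iptables commands on stdin and print those that use a filtering
# target (DROP or REJECT) in the nat table. REDIRECT does not match.
lint_nat_filtering() {
    grep -E -- '-t[[:space:]]+nat([[:space:]].*)?[[:space:]]-j[[:space:]]+(DROP|REJECT)([[:space:]]|$)' || true
}

# Print the per-user rule set. Arguments: user, Tor TransPort, local DNS port.
# Omitting -t selects the filter table, which is where DROP belongs.
tor_user_rules() {
    user=$1 trans=${2:-9040} dns=${3:-53}
    m="-m owner --uid-owner $user"
    cat <<EOF
iptables -t nat -A OUTPUT -p tcp $m -m tcp --syn -j REDIRECT --to-ports $trans
iptables -t nat -A OUTPUT -p udp $m -m udp --dport 53 -j REDIRECT --to-ports $dns
iptables -A OUTPUT -p tcp $m -m tcp --dport $trans -j ACCEPT
iptables -A OUTPUT -p udp $m -m udp --dport $dns -j ACCEPT
iptables -A OUTPUT $m -j DROP
EOF
}
# Order matters: the ACCEPT rules (assumption, see lead-in) must precede the
# DROP, because redirected packets still carry the same owner UID when they
# reach the filter OUTPUT chain.

echo "Rules that filter in the nat table:"
original_rules | lint_nat_filtering
echo "Corrected rule set:"
tor_user_rules anonymous 9040 53
```

Review the printed rules before applying them as root, and confirm afterwards with `iptables -L OUTPUT -v -n` that the DROP counter only increases for traffic that was not redirected.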