
Re: [tor-talk] Apps which uses outgoing fixed IP-Adrs:AnyPort, forward to Exit-node Then to Internet



Hi adrelanos,
thanks for responding & suggestions.
sorry, NONE are applicable for this case.

anyway, let me repeat & explain with another set of words for others,
again (if some confusion exists in my explanations):

my local dns-server (127.0.0.1:53) (in windows xp) is already
configured to use TCP DNS with Internet DNS servers. it is sending DNS
queries/questions (domain-name-to-ip-adrs-conversion) to Internet DNS
servers using an "outgoing" network interface ip address. my local
DNS-Server is using multiple different port(s) on that "outgoing"
interface (192.168.0.10) to send those queries to various destinations
(where the port is the same (TCP DNS port 53), but the ip changes to a
different Internet DNS server's ip address).

now, how to capture all (TCP) traffic coming from my local dns-server's
"outgoing" ip-adrs, and send/forward/transport it through/via TOR ?
i want to send traffic ONLY from that "OUTGOING" ip address (specified
on local-dns-server), not any other app's, not any other traffic, ALL
OTHER traffic must go thru DIRECT Internet via using the default
net-interface adapter's ip address.

(by the way, i do already have a few solutions that involve using other
extra tools. that is why i mentioned (twice i think), how to use fewer
other tools, other than tor & dns-server software themselves).

what i'm asking is, how to configure *"TOR"*, using the "torrc"
configuration command-lines to achieve this function. And if there is
absolutely no other choice, only then use/have a solution that involves
using a 3rd party tool stuff.

looking for a solution that will use only tor, local dns-server software
("unbound"), nothing else, or use something that by default exist on
Windows computers.

my local dns-server is configured to use both tcp & udp dns locally, but
all upstream is tcp dns. it is also configured to block .onion, .exit,
.i2p, etc., i.e. any dns leakage from an app, whether accidental,
mistaken, or caused by misconfiguration. and the local dns-server also
(needs to) use many forward-zones, which forward toward very specific
DNS servers on the Internet.

it is supposed to be simple! i don't know why such an option does not
already exist in tor!?! TOR has the feature of creating a listening dns
port and acting as a dns-server. i don't want it, as that can't be
configured to suit my purpose. Tor has a feature/option to create a
transparent ip address listening on ONE fixed port. i don't want that i
guess, unless it can be configured to capture ALL/any ports of that
"outgoing" ip address specified in the local dns-server.
why can't tor listen to all traffic on a SINGLE fixed ip address's
entire port range (1 ~ 65535) ?

If "tor" can create such a listening ip-address, let's say 10.192.0.10,
then i want to specify that as the "outgoing" interface ip address in
the local dns-server's configuration.

-- Bry8Star.




On 9/19/2012 9:05 AM, adrelanos wrote:
> Bry8 Star:
>> Hi, please help me to solve this:
>>
>> On Windows (XP) i have a ("Unbound") DNS Resolver Server software
>> (running on 127.0.0.1:53), which is configured to send its TCP DNS
>> queries via an "outgoing" ip address (lets say, 192.168.0.10, which is
>> my (NetIntrfAdptr) Network Interface Adapter's IP address, connected to
>> router/gateway then to Internet), DNS resolver is using different/random
>> TCP local ports for that NetIntrfAdptr's IP address to send queries
>> toward multiple different Internet DNS/nameserver(s) IP address(es) on
>> their TCP port 53. This DNS resolver is configured to use(/forward
>> queries to) around 40 internet DNS/nameservers for few specific and
>> custom domain-names, TLDs, etc (stub/forward zone) related dns queries.
>> Root zone, the ".", is configured to send/forward queries to 5 different
>> censorship free public DNS server(s) on internet, and those dns servers
>> do not keep logs for query, usage, user-info, etc either.
>>
>> I would like to re-configure DNS resolver to perform all its DNS
>> queries via Tor socks5 proxy server. (once query answers are inside its
>> cache memory then it should work very fast for other apps on this computer).
>>
>> how can i achieve this ?
> 
> You can not *directly* connect to other upstream UDP DNS servers through
> Tor. This is because Tor does not support UDP.
> 
> However, TCP DNS over Tor can work.
> 
> I successfully used DNSCrypt by OpenDNS and httpsdnsd by JonDos over
> Tor. Although I documented it for Whonix, it should be possible without
> Whonix over Tor as well:
> (Note: Whonix specific!)
> http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#secondary-dns-resolver
> 
> You can also have a look at ttdnsd:
> http://www.mulliner.org/collin/ttdnsd.php
> 
> Alternatively you can connect to DNS servers if you tunnel UDP over Tor.
> Although I documented it for Whonix, it should be possible without
> Whonix over Tor as well:
> (Note: Whonix specific!)
> http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#tunnel-udp-over-tor
> 
>> let me put it this way ... when an app is sending its outbound network
>> traffic toward a fixed IP address's non-fixed different random ports,
>> then how can i forward such traffic inside the tor-network so that
>> traffic can connect to Internet servers from tor exit-node ?
>>
>> can *Tor* be re-configured to present an IP address (for example,
>> 10.192.0.10, for inbound connections) on the local network ? so that i
>> can specify that tor ip address (10.192.0.10) inside the DNS resolver
>> configuration as its outgoing IP address ?
>>
>> how to achieve this without using any other apps, other than the
>> ('unbound') dns server app and the tor app ? (or by using very very few
>> apps/tools).
> 
> If I understand correctly, this would be like "emule regular public
> network and high id over Tor", i.e. open a server port at an exit node
> and let it forward through Tor to your Tor client. Tor does not have
> such a feature. It needs sender and recipient to be aware of using Tor,
> can only be done with hidden services.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
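adrelanos's point that TCP DNS over Tor can work, shown as an added example (not code from either poster or from the Tor project): a TCP-framed DNS query sent through a SOCKS5 CONNECT to the resolver's IP on port 53. It assumes Tor's SocksPort is at its default 127.0.0.1:9050; the function names and the sample resolver address are illustrative.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: Tor's default SocksPort

def build_dns_query(name, qtype=1, txid=0x1234):
    """DNS query with the 2-byte length prefix used on TCP (RFC 1035 4.2.2)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack(">HH", qtype, 1)  # qtype 1 = A, class IN
    return struct.pack(">H", len(msg)) + msg

def socks5_connect_request(ip, port):
    """SOCKS5 CONNECT (RFC 1928) to an IPv4 literal, so no name is sent to resolve."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack(">H", port)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver a reply in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def resolve_via_tor(name, dns_ip, proxy=TOR_SOCKS, timeout=30):
    """Send one query to dns_ip:53 through the proxy; return the raw DNS reply."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")  # version 5, one method offered: no-auth
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(socks5_connect_request(dns_ip, 53))
        _ver, rep, _rsv, atyp = recv_exact(s, 4)
        if rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Skip the bound address (IPv4, IPv6 or length-prefixed name) and port.
        addr_len = {1: 4, 4: 16}.get(atyp) or recv_exact(s, 1)[0]
        recv_exact(s, addr_len + 2)
        s.sendall(build_dns_query(name))
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return recv_exact(s, length)

if __name__ == "__main__":
    # 192.0.2.53 is a documentation address (constructed); use a real resolver IP.
    print(resolve_via_tor("example.com", "192.0.2.53").hex())
```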