
Re: [tor-relays] Tor bridges on borrowed ports



On Fri, 2 May 2014, kzhm@xxxxxxxxxxx wrote:

> *) dark iptables nat magic

You can do source+destination NAT (aka "hairpinning") using only the
iptables command, which is often installed already on most Linux boxes.
This is the equivalent of having a port-forwarding TCP proxy.

Assuming your external-facing interface is eth0 and you want to forward your
local TCP port 5432 to the remote IP 2.3.4.5 on port 6789, this would be:

  # rewrite the destination of connections arriving on eth0:5432 to 2.3.4.5:6789
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5432 -j DNAT --to-destination 2.3.4.5:6789

  # rewrite the source of the forwarded packets to eth0's own address so the replies come back here
  iptables -t nat -A POSTROUTING -d 2.3.4.5 -o eth0 -j MASQUERADE

You also need to enable IP forwarding, which can be done in a
distribution-specific way, or directly with:

  sysctl net.ipv4.ip_forward=1

> Can I announce an address that isn't directly mine? Can I use my address
> for outbound traffic to the next relay or do I need to use the "bridge
> address" for that?

I don't know about the announcements, though.

                                    -- Aaron
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
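As an added example that is not part of Aaron's reply or of any Tor project code (the script layout and the function names forward_rules, rule_count, apply_forward, valid_port and valid_ipv4 are this example's own assumptions), here is the same DNAT + MASQUERADE port forward as a small POSIX shell script. It validates its arguments before splicing them into iptables rules, adds the FORWARD-chain accept rules that a host whose FORWARD policy is DROP also needs (the reply only shows the nat-table rules), and can be dry-run by setting IPTABLES to "echo iptables":

```shell
#!/bin/sh
# Added example, not code from the original post: build and optionally apply the
# DNAT + MASQUERADE rules that forward a local TCP port to a remote host, plus the
# FORWARD-chain accepts that the reply above leaves out.
# Assumptions: Linux with iptables and sysctl; root for apply_forward; the remote
# host is reached through the same interface the clients arrive on (IFACE).
# All function names below are this example's own.

IPTABLES="${IPTABLES:-iptables}"   # e.g. IPTABLES="echo iptables" for a dry run

# valid_port N: succeed if N is an integer in 1..65535 (rejects "5432; rm -rf /" etc.)
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
}

# valid_ipv4 A.B.C.D: succeed if exactly four dotted octets, each 0..255
valid_ipv4() {
    vi_old_ifs=$IFS; IFS=.
    set -- $1                       # intentional: split the address on dots
    IFS=$vi_old_ifs
    [ $# -eq 4 ] || return 1
    for vi_o in "$@"; do
        case "$vi_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$vi_o" -le 255 ] || return 1
    done
    return 0
}

# forward_rules IFACE LPORT RIP RPORT
# Print the iptables argument lists (one per line, without the leading "iptables")
# that forward TCP IFACE:LPORT -> RIP:RPORT. Fails and prints nothing on bad input.
forward_rules() {
    fr_iface=$1 fr_lport=$2 fr_rip=$3 fr_rport=$4
    valid_port "$fr_lport" && valid_port "$fr_rport" && valid_ipv4 "$fr_rip" || return 1
    cat <<EOF
-t nat -A PREROUTING -i $fr_iface -p tcp --dport $fr_lport -j DNAT --to-destination $fr_rip:$fr_rport
-t nat -A POSTROUTING -o $fr_iface -d $fr_rip -p tcp --dport $fr_rport -j MASQUERADE
-A FORWARD -i $fr_iface -o $fr_iface -p tcp -d $fr_rip --dport $fr_rport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $fr_iface -o $fr_iface -p tcp -s $fr_rip --sport $fr_rport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# rule_count IFACE LPORT RIP RPORT: number of rules forward_rules would install (0 on bad input)
rule_count() {
    forward_rules "$@" 2>/dev/null | grep -c . || true
}

# apply_forward IFACE LPORT RIP RPORT: enable IP forwarding and install the rules (needs root)
apply_forward() {
    af_rules=$(forward_rules "$@") || { echo "apply_forward: bad arguments: $*" >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    printf '%s\n' "$af_rules" | while IFS= read -r af_line; do
        # word splitting of $af_line is intentional: it is an iptables argument list
        $IPTABLES $af_line || exit 1
    done
}

# Usage: sh forward.sh eth0 5432 2.3.4.5 6789   (no arguments: only define the functions)
if [ $# -eq 4 ]; then
    apply_forward "$@"
fi
```

Two checks worth doing after applying it: the PREROUTING DNAT only sees packets that arrive on eth0 from another host, so testing from the forwarder itself with a connection to localhost:5432 does not exercise it, and `iptables -t nat -L PREROUTING -n -v` together with `iptables -L FORWARD -n -v` shows via the packet counters whether real connections are matching. Note also that MASQUERADE makes 2.3.4.5 see the forwarder's address, not the original client's, as the source of every connection, and that neither the sysctl setting nor the rules survive a reboot unless persisted (for example through /etc/sysctl.d/ and the distribution's iptables save mechanism).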