[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Tor bridges on borrowed ports
On Fri, 2 May 2014, kzhm@xxxxxxxxxxx wrote:
*) dark iptables nat magic
You can do source+destination NAT (aka "hairpinning") using only the
iptables command, which is often installed already on most Linux boxes.
This is the equivalent of having a port-forwarding TCP proxy.
Assuming your external-facing interface is eth0, you want to forward your
local TCP port 5432 to the remote IP 2.3.4.5 on port 6789, this would be:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5432 -j DNAT --to-destination 2.3.4.5:6789
iptables -t nat -A POSTROUTING -d 2.3.4.5 -o eth0 -j MASQUERADE
You also need to enable IP forwarding, which can be done in a distribution
specific way, or directly with:
sysctl net.ipv4.ip_forward=1
Can I announce an address that isn't directly mine? Can I use my address
for outbound traffic to the next relay or do I need to use the "bridge
address" for that?
I don't know about the announcements, though.
-- Aaron
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays