[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor bridges on borrowed ports

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor bridges on borrowed ports
From: Aaron Hopkins <lists@xxxxxxx>
Date: Fri, 2 May 2014 12:03:01 -0700 (PDT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 May 2014 15:09:56 -0400
In-reply-to: <b0a7fd4bd9b7635af6d92bfac8f780a9.id@mailtor>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <b0a7fd4bd9b7635af6d92bfac8f780a9.id@mailtor>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Alpine 2.02 (LRH 1266 2009-07-14)

On Fri, 2 May 2014, kzhm@xxxxxxxxxxx wrote:

*) dark iptables nat magic


You can do source+destination NAT (aka "hairpinning") using only the

iptables command, which is often installed already on most Linux boxes.This is the equivalent of having a port-forwarding TCP proxy.


Assuming your external-facing interface is eth0, you want to forward your
local TCP port 5432 to the remote IP 2.3.4.5 on port 6789, this would be:

  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5432 -j DNAT --to-destination 2.3.4.5:6789

  iptables -t nat -A POSTROUTING -d 2.3.4.5 -o eth0 -j MASQUERADE

You also need to enable IP forwarding, which can be done in a distribution
specific way, or directly with:

  sysctl net.ipv4.ip_forward=1

Can I announce an address that isn't directly mine? Can I use my address
for outbound traffic to the next relay or do I need to use the "bridge
address" for that?


I don't know about the announcements, though.

                                    -- Aaron
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor bridges on borrowed ports
  - From: kzhm

References:
- [tor-relays] Tor bridges on borrowed ports
  - From: kzhm

Prev by Author: Re: [tor-relays] Non-exit abuse reports
Next by Author: [tor-relays] Confirm IPv6 Setup as Exit Node
Previous by thread: [tor-relays] Tor bridges on borrowed ports
Next by thread: Re: [tor-relays] Tor bridges on borrowed ports
Index(es):
- Author
- Thread