[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Tor bridges on borrowed ports
Thank you, Aaron.
> You can do source+destination NAT (aka "hairpinning") using only the
> iptables command, which is often installed already on most Linux boxes.
> This is the equivalent of having a port-forwarding TCP proxy.
>
> Assuming your external-facing interface is eth0, you want to forward your
> local TCP port 5432 to the remote IP 2.3.4.5 on port 6789, this would be:
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5432 -j DNAT
> --to-destination 2.3.4.5:6789
>
> iptables -t nat -A POSTROUTING -d 2.3.4.5 -o eth0 -j MASQUERADE
This looks great. Especially since I can do this on a router for a whole
subnet.
This would change the src ip, too, so the donating host would appear to be
the
bridge user. I don't think there's a proper way around that, so maybe we
could
just ignore that? Would be nice if somebody who's responsible for the stats
could comment on this.
Truly yours,
Alice
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays