
Re: [tor-relays] Tor bridges on borrowed ports



Thank you, Aaron.

> You can do source+destination NAT (aka "hairpinning") using only the
> iptables command, which is often installed already on most Linux boxes.
> This is the equivalent of having a port-forwarding TCP proxy.
>
> Assuming your external-facing interface is eth0, you want to forward your
> local TCP port 5432 to the remote IP 2.3.4.5 on port 6789, this would be:
>
>    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5432 -j DNAT --to-destination 2.3.4.5:6789
>
>    iptables -t nat -A POSTROUTING -d 2.3.4.5 -o eth0 -j MASQUERADE

This looks great. Especially since I can do this on a router for a whole
subnet.

This would change the src ip, too, so the donating host would appear to be
the bridge user. I don't think there's a proper way around that, so maybe we
could just ignore that? Would be nice if somebody who's responsible for the
stats could comment on this.

Truly yours,
Alice


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
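
The forwarding setup discussed in this thread, as an added example that is not part of either poster's message: a shell function that validates its arguments and prints the full rule set for review. The function names are hypothetical, and the `sysctl` line and the `FORWARD` rules are additions that assume the host does not already route packets and filters its FORWARD chain.

```shell
#!/bin/sh
# Added example: prints, but does not run, the commands for a one-port forwarder.
# Function names are hypothetical; the sysctl and FORWARD rules are additions
# that assume the host does not already route and filters the FORWARD chain.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: bridge_forward_rules IFACE LOCAL_PORT BRIDGE_IP BRIDGE_PORT
bridge_forward_rules() {
    iface=$1 lport=$2 rip=$3 rport=$4
    case "$iface" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    valid_port "$lport" && valid_port "$rport" || { echo "bad port" >&2; return 2; }
    valid_ipv4 "$rip" || { echo "bad IPv4 address" >&2; return 2; }
    # DNAT to a remote address means the kernel must route the packet onward.
    # MASQUERADE is narrowed to the forwarded flow; it still rewrites the source,
    # so the bridge sees every user as coming from this host.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $lport -j DNAT --to-destination $rip:$rport
iptables -A FORWARD -i $iface -o $iface -p tcp -d $rip --dport $rport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $iface -o $iface -p tcp -s $rip --sport $rport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $iface -p tcp -d $rip --dport $rport -j MASQUERADE
EOF
}

# Values from the thread: eth0, local port 5432, bridge 2.3.4.5:6789.
bridge_forward_rules eth0 5432 2.3.4.5 6789
```

Review the printed commands, then run them as root to apply. The rules are appended with `-A`, so running them twice creates duplicates.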