Rusty Bird: > I've reproduced those packets on kernel 3.13 using your iptables rules. > Strangely enough my own personal transproxy setup does not exhibit this > issue [...] Maybe it can be boiled down to this: When redirecting *and* filtering, the filtering should be done in OUTPUT (instead of INPUT), because there you can also verify that the traffic has been redirected to the right place. Rusty
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk