Re: Anonymous/Nonymous Communication Coexisting?

["maillist" <maillist@xxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > #!/bin/sh
> >
> > # 192.168.10.1 = router
> > # 192.168.10.10 = workstation to proxy
> > # 192.168.10.1:3128 = Squid
> > # 192.168.10.1:1211 = Transsocks
> >
> >
> > INCLUDE="192.168.10.10"
> > EXCLUDE="192.168.0.0/16 127.0.0.1 10.12.77.0/24"
> >
> >
> > #Exceptions
> > for exception in ${EXCLUDE} ; do
> >         iptables -t nat -A PREROUTING --dst ${exception} -j RETURN
> > done
> >
> > #Avoid feedback loops
> > #iptables -t nat -A PREROUTING -m owner --cmd-owner transocks -j RETURN
> >
> > #Send to transocks
> > for host in ${INCLUDE} ; do
> >         #iptables -t nat -A PREROUTING -s ${host} -p tcp -j
> > LOG --log-level
> > info --log-prefix "SOCKSify "
> >         iptables -t nat -A PREROUTING -s ${host} -d ! 192.168.10.1 -p
> > tcp --dport 80 -j REDIRECT --to-port 3128
> >         #iptables -t nat -A PREROUTING -s ${host} -p tcp --dport 80 -j
> > DNAT --to 192.168.10.1:3128
> >         iptables -t nat -A POSTROUTING -s ${host} -d 192.168.10.1 -j
> > SNAT --to-source 192.168.10.1
> >         iptables -t nat -A PREROUTING -s ${host} -p tcp -j
> > REDIRECT --to-port 1211
> >         iptables -t nat -A PREROUTING -s ${host} -j DROP
> > done
> >
> > # Socksify traffic leaving this host:
> > #iptables -t nat -A OUTPUT -p tcp --syn -j PREROUTING
> >
> >
> > Markus
>
> I configured myself like this too.  Very nice. I have one problem left
> still. The machine on which the programs are, the router, doesn't want to
> connect via squid nor transocks, i. e. transparent proxying works only for
> the machines on the LAN, not the server/router itself.  Any hints?
> Here are the pertinent iptables rules, and as one can see nothing's
> hitting
> the OUPTUT chain:
>
> ~# iptables-save -c -t nat
> # Generated by iptables-save v1.2.11 on Fri Jun 10 10:59:23 2005
> *nat
> :PREROUTING ACCEPT [1204:84937]
> :POSTROUTING ACCEPT [1456:101425]
> :OUTPUT ACCEPT [0:0]
> :SOCKSIFY - [0:0]
> [101:5252] -A PREROUTING -s 192.168.167.0/255.255.255.0 -p tcp -m tcp \
> --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
> [0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j SOCKSIFY
> [768:43008] -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
> \
> --clamp-mss-to-pmtu
> [0:0] -A POSTROUTING -s 192.168.167.0/255.255.255.0 -d ! \
> 192.168.167.0/255.255.255.0 -o ppp+ -j MASQUERADE
> [0:0] -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
> [0:0] -A SOCKSIFY -o lo -j RETURN
> [0:0] -A SOCKSIFY -p tcp -m tcp --dport 9055 -j RETURN
> [0:0] -A SOCKSIFY -d 66.240.11.101 -j RETURN
> [0:0] -A SOCKSIFY -d 143.247.254.11 -j RETURN
> [0:0] -A SOCKSIFY -d 143.247.253.10 -j RETURN
> [0:0] -A SOCKSIFY -d 216.239.64.140 -j RETURN
> [0:0] -A SOCKSIFY -d 209.237.230.66 -j RETURN
> [0:0] -A SOCKSIFY -d 206.241.31.21 -j RETURN
> [36:1872] -A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
> [0:0] -A SOCKSIFY -d 127.0.0.1 -j RETURN
> [0:0] -A SOCKSIFY -s 127.0.0.1 -j RETURN
> [65:3380] -A SOCKSIFY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG \
> --log-prefix "SOCKSify: " --log-level 6
> [65:3380] -A SOCKSIFY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
> [0:0] -A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
> COMMIT
> # Completed on Fri Jun 10 10:59:24 2005
>
>
> Many Thanks!
>
>
> Rescator
> (GingkoBiloba server)

Maybe iptables-mailinglist would help?

Markus

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE

iD8DBQFCry8Z6fSN8IKlpYoRAma+AJ489HUP9PpVcmIzWNya3jhZYVAKJgCgmLSn
1CH29anM0tAZ0ESvLFjkbL4=
=5tLp
-----END PGP SIGNATURE-----