IPTables transparent configuration
- To: or-talk@xxxxxxxx
- Subject: IPTables transparent configuration
- From: Curt Shaffer <cshaffer@xxxxxxxxx>
- Date: Tue, 16 Nov 2010 13:19:41 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I have been searching the documentation and Internet for days on this
setup. Let me give some background first.
In this network (172.16.10.0/24) I have a couple of clients. Their
default gateway is 172.16.10.1. This system is a Linux server.
The Linux server has a LAN IP of 172.16.10.1 and a "WAN" IP of
10.0.0.23. This server is also running TOR. The "WAN" IP address of
this system is actually being NATTED again by a firewall to an
external IP address.
I want all traffic on the 172.16.10.0/24 network to use this Linux
server as their default gateway. In that gateway, I want IPTables to
send all of the traffic from that subnet through TOR.
If I use IPTables to NAT the addresses like this:
# eth0 = WAN, eth1 = LAN
# source-NAT everything leaving the WAN interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# let replies to LAN-originated connections back in
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# let anything from the LAN out to the WAN
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
General network connectivity works.
If I introduce TOR with IPTables like this:
# nat OUTPUT only sees packets generated by the server itself; send their TCP to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp -m tcp -j REDIRECT --to-ports 9040
# let the redirected packets reach the TransPort
iptables -t filter -A OUTPUT -p tcp -m tcp --dport 9040 -j ACCEPT
TOR connectivity works from the Linux server, but all of the clients
on the 172.16.10.0/24 network no longer work at all. No NAT to the
general Internet, no TOR, no nothing.
I'm thinking this may be an IPTables problem, but I wanted to post
this to this list just to see if anyone else has accomplished such a
setup. If you have, please let me know what I may be doing wrong. If
you need more detailed information, please ask.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
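The following is an added example, not code from the poster or from the Tor project, showing how a Tor transparent-proxy gateway for forwarded LAN clients is normally wired up with iptables. Two netfilter facts drive the layout: packets that the gateway forwards on behalf of clients traverse the nat PREROUTING chain and never nat OUTPUT, so a REDIRECT in OUTPUT only ever affects the server's own connections; and a REDIRECT in nat OUTPUT that matches all TCP, as written in the post, also matches Tor's own connections to relays unless Tor's uid is exempted first. REDIRECT rewrites the destination of forwarded packets to the primary address of the ingress interface and of locally generated packets to 127.0.0.1, so TransPort and DNSPort are bound on both. The script uses the post's addresses and interfaces (172.16.10.0/24, 172.16.10.1, eth0 WAN, eth1 LAN, TransPort 9040); the Tor user name `debian-tor`, the DNSPort 5353 and the `VirtualAddrNetworkIPv4` range are assumptions and can be overridden from the environment. By default it only prints the ruleset and torrc fragment for review; `APPLY=1` installs the rules as root.

```shell
#!/bin/sh
# Added example (not from the original post or the Tor project): build, review
# and optionally apply a Tor transparent-proxy ruleset for a Linux gateway whose
# LAN clients must reach the Internet only through Tor.
# Assumptions (overridable): Tor runs as debian-tor, DNSPort is 5353, the
# automap range is 10.192.0.0/10.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-172.16.10.0/24}"
LAN_IP="${LAN_IP:-172.16.10.1}"
TRANS_PORT="${TRANS_PORT:-9040}"   # Tor TransPort (from the post)
DNS_PORT="${DNS_PORT:-5353}"       # Tor DNSPort (assumed)
TOR_USER="${TOR_USER:-debian-tor}" # uid Tor runs as (assumed; Debian default)

# torrc lines Tor needs. REDIRECT rewrites forwarded packets to the ingress
# interface's primary address and local packets to 127.0.0.1: bind on both.
torrc_fragment() {
    cat <<EOF
TransPort 127.0.0.1:${TRANS_PORT}
TransPort ${LAN_IP}:${TRANS_PORT}
DNSPort 127.0.0.1:${DNS_PORT}
DNSPort ${LAN_IP}:${DNS_PORT}
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
EOF
}

# Emit the iptables commands (with comments) instead of running them, so the
# ruleset can be reviewed and tested before it touches a live gateway.
tor_gateway_rules() {
    cat <<EOF
# Start from empty filter and nat tables.
iptables -F
iptables -t nat -F
# Client packets are forwarded: they traverse nat PREROUTING, never nat OUTPUT.
iptables -t nat -A PREROUTING -i ${LAN_IF} -d ${LAN_IP} -j RETURN
iptables -t nat -A PREROUTING -i ${LAN_IF} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
iptables -t nat -A PREROUTING -i ${LAN_IF} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
# Redirected packets are delivered locally, so INPUT must accept them on the LAN side.
iptables -A INPUT -i ${LAN_IF} -p udp --dport ${DNS_PORT} -j ACCEPT
iptables -A INPUT -i ${LAN_IF} -p tcp --dport ${TRANS_PORT} -j ACCEPT
# The gateway's own traffic: Tor itself must bypass the redirect, otherwise its
# relay connections are looped back into its own TransPort.
iptables -t nat -A OUTPUT -m owner --uid-owner ${TOR_USER} -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -d ${LAN_NET} -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
# Nothing is forwarded to the WAN any more (no MASQUERADE): whatever the
# redirects did not catch (other UDP, ICMP) is dropped rather than leaked.
iptables -A FORWARD -i ${LAN_IF} -o ${WAN_IF} -j DROP
EOF
}

# Apply the emitted commands. Refuse to run unprivileged so a half-applied
# ruleset never ends up on the box.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: run as root" >&2
        return 1
    fi
    tor_gateway_rules | sh -e
}

# Sanity check on ordering: the uid bypass must come before the OUTPUT redirect.
owner_bypass_precedes_redirect() {
    rules=$(tor_gateway_rules)
    bypass=$(printf '%s\n' "$rules" | grep -n -- "--uid-owner" | cut -d: -f1)
    redir=$(printf '%s\n' "$rules" | grep -n -- "-A OUTPUT -p tcp --syn -j REDIRECT" | cut -d: -f1)
    [ -n "$bypass" ] && [ -n "$redir" ] && [ "$bypass" -lt "$redir" ]
}

# Dry run by default: print the torrc fragment and ruleset for review.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    echo "# torrc:"; torrc_fragment
    echo "# iptables:"; tor_gateway_rules
fi
```

After applying, the first thing to check is whether client traffic is actually reaching the redirect: `iptables -t nat -L PREROUTING -v -n` shows per-rule packet counters, and a client connection that leaves them at zero is not being forwarded through this box at all (wrong default gateway, or ip_forward disabled). From a client, `https://check.torproject.org/` confirms the exit. These rules are IPv4 only; if the clients also have IPv6 connectivity through the gateway, an equivalent ip6tables policy (or a DROP of forwarded IPv6) is needed, or that traffic bypasses Tor.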