Transparently anonymizing traffic iptables problem
unknown <unknown at pgpru.com>
Tue Feb 17 17:40:15 UTC 2009

On Mon, 9 Feb 2009 19:42:03 +0000
unknown <unknown at pgpru.com> wrote:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy :
> 
> [quote]
> 
> 2.1. Transparently anonymizing traffic for a specific user
> 
> [code]
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040 
> 
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53 
> 
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
> [/code]
> 
> [/quote]
> 
> But the last iptables rule will not work anymore.
> 
> Iptables warning:
> 
> [quote]
> The "nat" table is not intended for filtering, hence the use of DROP is deprecated and will permanently be disabled in the next iptables release. Please adjust your scripts.
> [/quote]
> 
> What's a better iptables rule for a *specific* user?
> 
Is it right, instead of DROP, to change the destination of all packets for all ports and protocols from the specific user to localhost, to block what Tor or Privoxy can't accept?

iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DNAT --to-destination 127.0.0.1
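
One way to act on the iptables warning quoted above is to keep the REDIRECT rules in the nat table and do the blocking in the filter table. The script below is an added example, not part of the original message or the Tor wiki; the function names are hypothetical, and the user `anonymous` and ports 9040 and 53 are taken from the quoted rules. It generates such a ruleset and checks any ruleset for DROP targets left in the nat table.

```shell
#!/bin/sh
# Added example, constructed for illustration; not from the thread or the Tor wiki.
# Assumed values (taken from the quoted rules): user "anonymous",
# Tor TransPort 9040, Tor DNSPort 53.

# Print an iptables-restore ruleset: redirect in nat, block in filter.
# REDIRECT on locally generated packets rewrites the destination to 127.0.0.1,
# and filter/OUTPUT runs after nat/OUTPUT, so it sees the rewritten destination.
gen_rules() {
    user=$1; trans=$2; dns=$3
    cat <<EOF
*nat
-A OUTPUT -p tcp -m owner --uid-owner $user -m tcp --syn -j REDIRECT --to-ports $trans
-A OUTPUT -p udp -m owner --uid-owner $user -m udp --dport 53 -j REDIRECT --to-ports $dns
COMMIT
*filter
-A OUTPUT -d 127.0.0.1/32 -p tcp -m owner --uid-owner $user -m tcp --dport $trans -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp -m owner --uid-owner $user -m udp --dport $dns -j ACCEPT
-A OUTPUT -m owner --uid-owner $user -j REJECT
COMMIT
EOF
}

# Constructed sample: the rules quoted in the thread, in iptables-save form.
old_rules() {
    cat <<'EOF'
*nat
-A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -m owner --uid-owner anonymous -j DROP
COMMIT
EOF
}

# Read iptables-save / iptables-restore text on stdin, print every nat-table
# rule whose target is DROP, and return 1 if at least one was found.
lint_nat() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A/ {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "DROP") {
                    print "DROP in nat table: " $0; bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

# Apply as root without flushing existing rules:
#   gen_rules anonymous 9040 53 | iptables-restore --noflush
```
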

More information about the tor-talk mailing list