Yet another UDP / DNS quiestion...

tagnaq tagnaq at gmail.com
Sat Feb 12 23:32:55 UTC 2011


On 02/12/2011 05:30 AM, Tomasz Moskal wrote:
> I was reading Transparently Routing Traffic Through Tor 
> <https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy>
> and although I don't need to run Tor as transparent proxy I like the
> idea of routing the UDP/DNS requests to localhost. If I will reroute
> all those requests with iptables to the port on which Tor is
> listening I should have no problems with DNS leaking, right?

Yes if you redirect DNS requests to Tor's DNSPort you should be safe
against DNS leaks.

> 3. iptables
> 
> iptables -t nat -A OUTPUT -o lo -j RETURN iptables -t nat -A OUTPUT
> -m owner --uid-owner $TOR_UID -j RETURN iptables -t nat -A OUTPUT -p
> udp --dport 53 -j REDIRECT --to-ports 53 iptables -t nat -A
> PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53 
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
> iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT iptables
> -A OUTPUT -j REJECT

I guess you are talking about a local setup without a "middlebox"
involved. If my assumption is correct you want to refer to the following
section in the document:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor

as far as I can see you copied parts of the iptables rules from the
"middlebox" setup from this section:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionandAnonymizingMiddlebox


***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list