Yet another UDP / DNS question...
tagnaq
tagnaq at gmail.com
Sat Feb 12 23:32:55 UTC 2011
On 02/12/2011 05:30 AM, Tomasz Moskal wrote:
> I was reading Transparently Routing Traffic Through Tor
> <https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy>
> and although I don't need to run Tor as transparent proxy I like the
> idea of routing the UDP/DNS requests to localhost. If I reroute
> all those requests with iptables to the port on which Tor is
> listening I should have no problems with DNS leaking, right?
Yes, if you redirect DNS requests to Tor's DNSPort you should be safe
against DNS leaks.
> 3. iptables
>
> iptables -t nat -A OUTPUT -o lo -j RETURN
> iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
> iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
> iptables -A OUTPUT -j REJECT
I guess you are talking about a local setup without a "middlebox"
involved. If my assumption is correct you want to refer to the following
section in the document:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor
As far as I can see you copied parts of the iptables rules from the
"middlebox" setup from this section:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionandAnonymizingMiddlebox
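
Added example, not part of the original message or of the wiki page: a shell check that walks the nat OUTPUT rules quoted above, in the form `iptables -t nat -S OUTPUT` lists them, and reports which rule a given DNS packet hits first. The uid 109 (standing in for $TOR_UID), the interface name eth0 and the helper name `nat_output_verdict` are assumptions.

```shell
#!/bin/sh
# Constructed sample: the three nat OUTPUT rules from the quoted message, written
# the way `iptables -t nat -S OUTPUT` lists them. uid 109 stands in for $TOR_UID.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j RETURN
-A OUTPUT -m owner --uid-owner 109 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53'

# nat_output_verdict RULES UID OUT_IF PROTO DPORT   (hypothetical helper)
# Prints the target of the first rule the packet matches, or POLICY if none does.
# Returns 2 on a match option it does not model, so nothing is silently skipped.
nat_output_verdict() {
  _rules=$1 _uid=$2 _oif=$3 _proto=$4 _dport=$5
  while IFS= read -r _line; do
    case $_line in "-A OUTPUT "*) ;; *) continue ;; esac
    set -f; set -- $_line; set +f      # split the rule into words, no globbing
    shift 2                            # drop "-A OUTPUT"
    _match=1 _target=
    while [ $# -gt 0 ]; do
      case $1 in
        -o)          [ "$2" = "$_oif" ]   || _match=0; shift 2 ;;
        -p)          [ "$2" = "$_proto" ] || _match=0; shift 2 ;;
        --dport)     [ "$2" = "$_dport" ] || _match=0; shift 2 ;;
        --uid-owner) [ "$2" = "$_uid" ]   || _match=0; shift 2 ;;
        -m)          shift 2 ;;          # module name; its options are handled above
        -j)          shift; _target=$*; break ;;
        *)           echo "UNSUPPORTED $1"; return 2 ;;
      esac
    done
    if [ "$_match" = 1 ] && [ -n "$_target" ]; then
      echo "$_target"; return 0
    fi
  done <<EOF
$_rules
EOF
  echo POLICY
}

# Ordinary user, UDP/53 leaving eth0: reaches the REDIRECT rule.
nat_output_verdict "$SAMPLE_RULES" 1000 eth0 udp 53
# Tor's own uid: exempted by the owner rule before the REDIRECT.
nat_output_verdict "$SAMPLE_RULES" 109 eth0 udp 53
# TCP/53 matches no nat rule; in the quoted set only the final filter
# REJECT stops it from leaving directly.
nat_output_verdict "$SAMPLE_RULES" 1000 eth0 tcp 53
```

To check a live host, pass the output of `iptables -t nat -S OUTPUT` as the first argument in place of the sample.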