On 02/13/2011 03:20 PM, Tomasz Moskal wrote:
> Do I have to use AutomapHostsOnResolve 1 as well? Seems to be pointless
> without defining AutomapHostsSuffixes.

No, it is not pointless, because even if you do not use
AutomapHostsSuffixes in your config, ".exit" and ".onion" are
AutomapHostsSuffixes by default.

> One more question: will those rules route all UDP traffic to port 53 or
> just DNS requests? What will happen with UDP not relating to DNS?

The UDP rules in the LocalRedirectionThroughTor section:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor
redirect only UDP packets with destination port 53 (usually DNS
requests) to the DNSPort.

All other outgoing UDP traffic is blocked/rejected with the last rule:

    iptables -A OUTPUT -j REJECT

The penultimate rule:

    iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT

would allow a program running with the $TOR_UID to send UDP traffic.
I would suggest adding -p tcp to that rule.
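
Added example, not part of the original message: a simplified first-match model of the OUTPUT chain described above, showing how each kind of packet is handled with the owner rule as quoted and with "-p tcp" added. The TOR_UID value, the DNSPort on 127.0.0.1:53, the loopback ACCEPT rule and the sample packets are assumptions made for illustration.

```python
# Simplified first-match model of the filter OUTPUT chain from the reply above.
# Assumptions (not from the message): TOR_UID value, DNSPort on 127.0.0.1:53,
# and a loopback ACCEPT rule ahead of the two rules quoted in the message.
TOR_UID = 109            # constructed sample uid for the Tor daemon
DNS_PORT = 53            # assumed DNSPort

def nat_redirect(pkt):
    """UDP with destination port 53 is redirected to the local DNSPort."""
    if pkt["proto"] == "udp" and pkt["dport"] == 53:
        return dict(pkt, dst="127.0.0.1", dport=DNS_PORT)
    return pkt

def output_chain(owner_tcp_only):
    """Build the chain; owner_tcp_only=True models adding '-p tcp'."""
    owner = {"uid": TOR_UID}
    if owner_tcp_only:
        owner["proto"] = "tcp"
    return [
        ({"dst": "127.0.0.1"}, "ACCEPT"),   # assumed loopback rule
        (owner, "ACCEPT"),                  # -m owner --uid-owner $TOR_UID
        ({}, "REJECT"),                     # iptables -A OUTPUT -j REJECT
    ]

def verdict(pkt, owner_tcp_only=False):
    """Return the target of the first rule whose fields all match the packet."""
    pkt = nat_redirect(pkt)
    for match, target in output_chain(owner_tcp_only):
        if all(pkt.get(k) == v for k, v in match.items()):
            return target
    return "ACCEPT"  # unreachable: the final rule matches every packet

# Constructed sample packets (uid 1000 = ordinary user).
SAMPLES = {
    "user DNS query": {"uid": 1000, "proto": "udp", "dst": "192.0.2.53", "dport": 53},
    "user NTP (UDP)": {"uid": 1000, "proto": "udp", "dst": "192.0.2.10", "dport": 123},
    "tor relay TCP":  {"uid": TOR_UID, "proto": "tcp", "dst": "192.0.2.20", "dport": 9001},
    "tor-uid UDP":    {"uid": TOR_UID, "proto": "udp", "dst": "192.0.2.30", "dport": 123},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} as quoted: {verdict(pkt):6}  with -p tcp: {verdict(pkt, True)}")
```

Only the last sample changes between the two variants: non-DNS UDP sent under the Tor uid is accepted by the rule as quoted and rejected once the rule is limited to TCP.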