Re: [tor-relays] ISP Nat

2018-03-14 Thread Paul Templeton

Thanks teor

> I would recommend using a caching resolver, it puts much less load on the
> remote resolvers you are using.

Went down this path - it's working.

Paul

609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] ISP Nat

2018-03-13 Thread teor

> On 14 Mar 2018, at 01:28, Paul Templeton wrote:
> 
> Thanks nusenu
> 
>> I'd say this is broken network and ask them to fix it.
> Ticket has been lodged but it takes for ever to get something done - The node 
> has been offline for two weeks now (After a power issue in the rack). There 
> has been issue after issue getting the system up again and now this. Was just 
> wondering if you can force DNS requests on IPs 95.130.12.251 and/or 
> 95.130.12.252 as they are not affected.

Tor doesn't have a DNS OutboundBindAddress, but there are two ways you
can do it:
* change the default route to one of these IP addresses
* run a caching resolver, and tell it to bind to one of these IP addresses

I would recommend using a caching resolver, it puts much less load on the
remote resolvers you are using.

T
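
The second option above (a caching resolver bound to one of the unaffected addresses), as an added example that is not part of the original thread. It assumes Unbound as the resolver, which the thread does not name, and the file path is hypothetical; the two IP addresses are the ones quoted in the thread.

```conf
# /etc/unbound/unbound.conf.d/tor-relay.conf   (hypothetical path)
server:
    # Listen on loopback only; Tor and the rest of the host query 127.0.0.1.
    interface: 127.0.0.1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Source address for every query Unbound sends upstream.
    # 95.130.12.251 is one of the two addresses reported as unaffected
    # by the ISP's NAT; 95.130.12.252 would work the same way.
    outgoing-interface: 95.130.12.251

    # IPv6 is commented out in the posted interface configuration.
    do-ip6: no

# The host then has to use the local resolver instead of the ISP's.
# In the posted interface stanza, replace
#     dns-nameservers 95.130.8.8 95.130.8.9
# with
#     dns-nameservers 127.0.0.1
```

Because Unbound caches answers and is the only process sending queries upstream, the relay's lookups all leave from the chosen source address and repeated names are served locally.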


Re: [tor-relays] ISP Nat

2018-03-13 Thread Paul Templeton
Thanks nusenu

> I'd say this is broken network and ask them to fix it.
Ticket has been lodged but it takes for ever to get something done - The node 
has been offline for two weeks now (After a power issue in the rack). There 
has been issue after issue getting the system up again and now this. Was just 
wondering if you can force DNS requests on IPs 95.130.12.251 and/or 
95.130.12.252 as they are not affected.

If not I can run it as a middle for now... SIGH

Paul

609662E824251C283164243846C035C803940378



Re: [tor-relays] ISP Nat

2018-03-13 Thread nusenu

>> Can you elaborate on your network topology and NAT?
> 
> Outbound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then 
> out to the real world.

outbound:
[ 95.130.9.210 ] --> [outbound gw 95.130.9.1 ] --> [2nd hop 95.130.8.1 ] --> inet

> Inbound traffic comes via 95.130.8.11 then 9.130.8.120

inbound:
[ 95.130.9.210 ] <--  [ 9.130.8.120 ]  <-- [SNAT:95.130.8.11 ] <-- inet
 
> It's NATted at 95.130.8.11 and all I see is this address connected to the 
> system (i.e. all connections show as 95.130.8.11).
> 
> My /etc/network/interface - the DNS server is temporary for testing.


If I understood you correctly and they are simply replacing the source IP of
all incoming packets I'd say this is broken network and ask them to fix it.
(it will break more than just DNS resolution unless they are NATing only on
specific protocols [udp] and ports [53]).


 

> auto enp4s0
> iface enp4s0 inet static
> address 95.130.9.210
> netmask 255.255.255.255
> network 95.130.9.210
> broadcast 95.130.9.210
> dns-nameservers 95.130.8.8 95.130.8.9
> # Static route to the gateway
> up ip route add 95.130.9.1 dev enp4s0
> up ip route add default via 95.130.9.1
> 
> up ip addr add 95.130.12.251/24 dev enp4s0
> up ip addr add 95.130.12.252/24 dev enp4s0



-- 
https://mastodon.social/@nusenu
twitter: @nusenu_





Re: [tor-relays] ISP Nat

2018-03-13 Thread Paul Templeton

> Can you elaborate on your network topology and NAT?

Outbound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then 
out to the real world.
Inbound traffic comes via 95.130.8.11 then 9.130.8.120

It's NATted at 95.130.8.11 and all I see is this address connected to the 
system (i.e. all connections show as 95.130.8.11).

My /etc/network/interface - the DNS server is temporary for testing.

auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
address 95.130.9.210
netmask 255.255.255.255
network 95.130.9.210
broadcast 95.130.9.210
dns-nameservers 95.130.8.8 95.130.8.9
# Static route to the gateway
up ip route add 95.130.9.1 dev enp4s0
up ip route add default via 95.130.9.1

up ip addr add 95.130.12.251/24 dev enp4s0
up ip addr add 95.130.12.252/24 dev enp4s0


# iface enp4s0 inet6 static
# address 2a02:a80:0:1210::2
# netmask 64
# gateway 2a02:a80:0:1210::1

609662E824251C283164243846C035C803940378



Re: [tor-relays] ISP Nat

2018-03-13 Thread nusenu


Paul Templeton:
> Hi All,
> 
> I have an ISP who has started NATting inbound traffic and has screwed
> DNS resolution. Is there a way to bind DNS requests to use a specific
> IP address (Have multiple) that is not affected with this NATting
> problem.

Can you elaborate on your network topology and NAT?

With more information it will become easier for people to help you.

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_





Re: [tor-relays] ISP Nat

2018-03-13 Thread Paul Templeton

> and has screwed DNS resolution. 

;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.8#53
;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.9#53

This is the problem I'm having...

609662E824251C283164243846C035C803940378



[tor-relays] ISP Nat

2018-03-13 Thread Paul Templeton
Hi All,

I have an ISP who has started NATting inbound traffic and has screwed DNS 
resolution. Is there a way to bind DNS requests to use a specific IP address 
(Have multiple) that is not affected with this NATting problem.

Paul

609662E824251C283164243846C035C803940378
