Check the discussions above. That works well for me:
http://archives.seul.org/or/talk/May-2009/msg00079.html
On Sat, 16 May 2009 22:13:14 -0600
Jim McClanahan wrote:
> Rather than to just DNATing all un-REDIRECTed traffic of tornet_user to
> local host, I wonder whether it would be safer to direct udp & tcp
> traffic to a particular port where you explicitly DROP (or REJECT) it.
Yes, I think it will
INET_IFACE=eth0 #our internet interface
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9050 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9040 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 53 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p UDP --dp
On Mon, 9 Feb 2009 19:42:03 +
unknown wrote:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy :
>
> [quote]
>
> 2.1. Transparently anonymizing traffic for a specific user
>
> [code]
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anon
https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy :
[quote]
2.1. Transparently anonymizing traffic for a specific user
[code]
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -p udp -m owner --