On Fri, May 15, 2009 at 2:00 PM, unknown unkn...@pgpru.com wrote:
... Any possible vulnerabilities here?
make sure control port is disabled or properly authenticated;
otherwise a good setup.
an improvement is whitelisting the Tor process with direct access and all
other traffic is transparently
INET_IFACE=eth0 #our internet interface
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9050 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9040 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 53 -j DROP
$IPTABLES -A INPUT -i $INET_IFACE -p UDP
Removing '-t nat' from the last rule should do what you need. Only the
first two really need to be in the NAT table (because they are
modifying the traffic, not filtering it).
- John Brooks
On Wed, May 13, 2009 at 11:15 PM, leandro noferini
lnofe...@cybervalley.org wrote:
Hello everyone,
in
John Brooks wrote:
Removing '-t nat' from the last rule should do what you need. Only the
first two really need to be in the NAT table (because they are
modifying the traffic, not filtering it).
[...]
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp
--syn -j
leandro noferini wrote:
[...]
Ok, now ipfilter does not complain but I cannot connect anymore.
:-(
I will investigate more.
I applied these rules for iptables (in this order):
iptables -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
Hello everyone,
the Tor wiki page at the address
http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy#head-235f10e71909d609c46847c9f91efe8ed5168004
explains the way to apply a transparent proxy for a specific user.
The rules for iptables are
iptables -t nat -A OUTPUT -p tcp -m owner
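Putting the thread's pieces together, here is an added example (not code from any of the posters or from the wiki page) of a per-user transparent proxy: the owner-match REDIRECT rules live in the nat table, the Tor daemon's own traffic is whitelisted as suggested earlier in the thread, a filter-table REJECT catches anything the proxied user sends that was not redirected (UDP, ICMP, stray non-SYN flows), and the inbound drops keep Tor's listeners off the internet interface. It assumes Tor runs as user "debian-tor" with "TransPort 9040" and "DNSPort 5353" in torrc, the proxied account is "anonymous", and eth0 is the internet interface; the DNSPort value and both user names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: Tor user "debian-tor",
# torrc with TransPort 9040 and DNSPort 5353, proxied user "anonymous", eth0.
# Run with --apply to install, --dry-run to print the rules instead.
IPTABLES="${IPTABLES:-iptables}"
INET_IFACE="${INET_IFACE:-eth0}"
TOR_UID="${TOR_UID:-debian-tor}"
PROXY_UID="${PROXY_UID:-anonymous}"
TRANS_PORT=9040
DNS_PORT=5353   # assumed DNSPort; not stated in the thread

build_rules() {
  # nat table: only rules that rewrite traffic belong here.
  # The Tor process itself must reach the network directly to build circuits.
  $IPTABLES -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
  # Never redirect loopback traffic (Tor's local SOCKS/control ports live there).
  $IPTABLES -t nat -A OUTPUT -o lo -j RETURN
  # Proxied user: DNS goes to Tor's DNSPort, new TCP connections to TransPort.
  $IPTABLES -t nat -A OUTPUT -m owner --uid-owner "$PROXY_UID" -p udp --dport 53 \
    -j REDIRECT --to-ports "$DNS_PORT"
  $IPTABLES -t nat -A OUTPUT -m owner --uid-owner "$PROXY_UID" -p tcp --syn \
    -j REDIRECT --to-ports "$TRANS_PORT"
  # filter table: redirected flows now go out over lo; anything else from the
  # proxied user (other UDP, ICMP, unredirected TCP) would leak, so reject it.
  $IPTABLES -A OUTPUT -m owner --uid-owner "$PROXY_UID" -o lo -j ACCEPT
  $IPTABLES -A OUTPUT -m owner --uid-owner "$PROXY_UID" -j REJECT
  # Keep Tor's local listeners unreachable from the internet-facing interface.
  for p in 9050 "$TRANS_PORT"; do
    $IPTABLES -A INPUT -i "$INET_IFACE" -p tcp --dport "$p" -j DROP
  done
  $IPTABLES -A INPUT -i "$INET_IFACE" -p udp --dport "$DNS_PORT" -j DROP
}

# Print the commands instead of executing them (review before --apply).
dry_run() { ( IPTABLES="echo iptables"; build_rules ); }
# Number of rules the script would install.
count_rules() { dry_run | grep -c '^iptables'; }

case "${1:-}" in
  --apply)   build_rules ;;
  --dry-run) dry_run ;;
esac
```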