#30796: ClientDNSRejectInternalAddresses interferes with ClientRejectInternalAddresses=1
-------------------------------------------------+-------------------------
 Reporter:  smherwig                             |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Component:  Core Tor
  Version:  Tor: 0.4.0.5                         |       Severity:  Normal
 Keywords:  ClientDNSRejectInternalAddresses,    |  Actual Points:
  ClientRejectInternalAddresses                  |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
 I'm using tor-0.4.05.

 In the onion proxy's torrc, I set

 {{{
 ClientRejectInternalAddresses 0
 MapAddress 127.0.0.1 127.0.0.1.FINGERPRINT.exit
 MapAddress localhost localhost.FINGERPRINT.exit
 UseMicrodescriptors 0
 }}}

 and on my exit node:

 {{{
 ExitRelay 1
 ExitRelayRejectPrivate 0
 ExitPolicy accept private:8080-8090
 ExitPolicy reject *:*
 }}}

 If I then issue a request through the OP to get a page served by a
 webserver running locally on the exit node

 {{{
 curl --socks4 127.0.0.1:9050 http://127.0.0.1:8080/index.html
 }}}

 the OP's socks server says the connection is not permitted. Specifically,
 `core/or/relay.c:1347` denies the connection and logs
 "connection_edge_process_relay_cell_not_open(0: ...but it claims the IP
 address was 127.0.0.1".

 Also note that per the `tor.1` manpage, and more specifically, enforced in
 `app/config/config.c:4420`, `ClientDNSRejectInternalAddresses` cannot be
 set to `0` when using the production Tor network.

 In other words, the enforcement of `ClientDNSRejectInternalAddresses` is
 being applied when no DNS request is actually made, and, moreover,
 interferes with the `ClientRejectInternalAddresses` and `MapAddress`
 configuration.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30796>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
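Added example (not part of the ticket and not Tor code): a small torrc check that flags the option combination the report describes, where `ClientRejectInternalAddresses 0` and a `MapAddress` to an internal target are set while `ClientDNSRejectInternalAddresses` is still in effect. The function names, the sample torrc and the use of Python's `ipaddress` module to approximate Tor's notion of an "internal" address are assumptions.

```python
import ipaddress

# Defaults per the tor(1) manual page: both options default to 1.
DEFAULTS = {"clientrejectinternaladdresses": "1",
            "clientdnsrejectinternaladdresses": "1"}

def parse_torrc(text):
    """Return (options, MapAddress pairs); option names are case-insensitive."""
    opts, maps = dict(DEFAULTS), []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) == 3 and parts[0].lower() == "mapaddress":
            maps.append((parts[1], parts[2]))
        elif len(parts) >= 2:
            opts[parts[0].lower()] = parts[1]  # a later line overrides an earlier one
    return opts, maps

def is_internal(host):
    """Approximation of an 'internal address' test (assumption, not Tor's code)."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: resolved at the exit, unknown here
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_conflicts(text):
    """MapAddress lines expected to hit the rejection described in the ticket."""
    opts, maps = parse_torrc(text)
    if opts["clientrejectinternaladdresses"] != "0":
        return []  # client refuses internal addresses outright; not this case
    if opts["clientdnsrejectinternaladdresses"] == "0":
        return []  # the answer-side check is off (not allowed on the public network)
    hits = []
    for src, dst in maps:
        # Strip the ".<relay>.exit" suffix to get the address sent to the exit.
        host = dst.rsplit(".", 2)[0] if dst.lower().endswith(".exit") else dst
        if is_internal(host):
            hits.append((src, dst))
    return hits

# Constructed sample: the client torrc lines quoted in the ticket.
SAMPLE = """ClientRejectInternalAddresses 0
MapAddress 127.0.0.1 127.0.0.1.FINGERPRINT.exit
MapAddress localhost localhost.FINGERPRINT.exit
UseMicrodescriptors 0
"""

if __name__ == "__main__":
    for src, dst in find_conflicts(SAMPLE):
        print(f"MapAddress {src} -> {dst}: internal answer will be rejected")
```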