I am incredibly sorry that my posts do not reference the right Message-IDs. This seems to be a bug in the webmail interface I am using.

>>> Chain POSTROUTING (policy ACCEPT)
>>> target prot opt source destination
>>> MASQUERADE tcp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
>>> MASQUERADE udp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
>>> MASQUERADE all -- 192.168.179.0/24 !192.168.179.0/24
>>> [...]
>>> (The POSTROUTING stuff is due to a VM I have running.)
>>
>> I think your issues might be related to these rules, though. Could you
>> try without? Could you try to use SNAT with a specific IP address
>> instead of MASQUERADE? Could you try to filter based on output
>> interfaces instead of destination addresses?
>
> I tried without, no difference. In fact, my problem is not related to
> iptables at all. If I start tor with DNSPort set to 53, and set my
> nameserver in /etc/resolv.conf to 127.0.0.1, it does not work as well.
> (First lookup fails, consequent lookups succeed).

I think I am finally getting somewhere. Netfilter definitely does not cause my problem. As I said in http://archives.seul.org/or/talk/Feb-2012/msg00202.html, I wrote a simple application that performs lookups using glibc. It turns out that all lookups succeed if addrinfo.ai_family is AF_INET. If addrinfo.ai_family is AF_UNSPEC (this is what gnutls-cli, openbsd netcat etc. are using), the first lookup fails, subsequent lookups succeed.

Cheers,
Douglas
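
A reproducer for the comparison described in the message above, added here as an example; it is not the poster's program. It repeats `getaddrinfo()` lookups with `ai_family` set to `AF_INET` and then `AF_UNSPEC` and records each return code, so a "first lookup fails, later ones succeed" pattern becomes visible. The names `lookup_once` and `probe` and the default host are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* One lookup restricted to `family`; returns getaddrinfo()'s code (0 = success). */
int lookup_once(const char *host, int family)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;          /* AF_INET or AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM;
    int rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc == 0)
        freeaddrinfo(res);
    return rc;
}

/* Run `attempts` consecutive lookups, store each code in codes[],
   and return how many of them failed. */
int probe(const char *host, int family, int attempts, int *codes)
{
    int failures = 0;
    for (int i = 0; i < attempts; i++) {
        codes[i] = lookup_once(host, family);
        if (codes[i] != 0)
            failures++;
    }
    return failures;
}

int main(int argc, char **argv)
{
    /* Constructed default so the program runs offline; pass a hostname to test DNS. */
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    const int families[] = { AF_INET, AF_UNSPEC };
    const char *names[] = { "AF_INET", "AF_UNSPEC" };
    int codes[3];
    for (int f = 0; f < 2; f++) {
        int failed = probe(host, families[f], 3, codes);
        for (int i = 0; i < 3; i++)
            printf("%-9s lookup %d: %s\n", names[f], i + 1,
                   codes[i] ? gai_strerror(codes[i]) : "ok");
        printf("%-9s failures: %d/3\n", names[f], failed);
    }
    return 0;
}
```

Run it with a hostname as the first argument while `/etc/resolv.conf` points at the resolver under test, and compare the per-attempt results between the two families.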