[tor-relays] TransPort: Convert iptables to pf

diffusae punasipuli at t-online.de
Wed Dec 21 20:39:25 UTC 2016


Hi!

Thanks a lot for your reply.

On 21.12.2016 20:46, Ivan Markin wrote:
> diffusae:
>> I looked into the wiki and also found some pf rules, which are routing
>> all the traffic through Tor, but this only works locally.
> 
> You're likely talking about this wiki:
> https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox1

Yes, I've tried something similar.

> I've tried these rules for Anonymizing Middlebox (though on modern
> OpenBSD) quite some time ago and it seemed to work fine. These should
> not only work locally - it's for entire LAN. Are these ones you tried?

rdr pass on ue0 inet proto tcp from any to !($int_if) -> 127.0.0.1 port 9040

or

rdr pass on $int_if inet proto tcp to 10.192.0.0/10 -> 127.0.0.1 port $trans_port

I've tried it also inside the jail as on the host and I always get a
"Connection refused". The packets are routed to the IP, but it looks like
they are rejected. I don't know why. Normally it should work.

Otherwise, if I remove my iptables rule on the Linux host, then I get a
"No route to host". Looks like routing to the internal IP isn't working, but
I can see the packets on the FreeBSD host. Strange ...

It looks like I am doing something wrong.

Regards,
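For reference, here is a complete pf.conf for the "anonymizing middlebox" layout the thread is discussing, in the FreeBSD `rdr pass` syntax the poster's rules use. This is an added example, not the poster's or the Tor wiki's configuration; the interface names (`em1` for the LAN side, `ue0` for the uplink, as in the poster's first rule), the DNSPort number 5353 and the `$int_if:network` selector are assumptions. It redirects LAN DNS to Tor's DNSPort and all other LAN TCP to the TransPort, and otherwise blocks forwarding so that a broken redirect fails closed instead of leaking LAN traffic straight out the uplink.

```pf
# /etc/pf.conf on the FreeBSD middlebox (constructed example; names are assumptions)
int_if = "em1"          # LAN-facing interface
ext_if = "ue0"          # uplink interface
trans_port = "9040"     # Tor TransPort
dns_port = "5353"       # Tor DNSPort (assumed value)
virt_net = "10.192.0.0/10"   # must match VirtualAddrNetworkIPv4 in torrc

# Redirect LAN DNS to Tor's DNSPort so hostnames resolve through Tor
# (and .onion names get automapped into $virt_net).
rdr pass on $int_if inet proto udp from $int_if:network to any port domain \
    -> 127.0.0.1 port $dns_port

# Redirect every other LAN TCP connection to Tor's TransPort.
# Connections to the middlebox itself are excluded so SSH to the box still works.
rdr pass on $int_if inet proto tcp from $int_if:network to !($int_if) \
    -> 127.0.0.1 port $trans_port

# Default deny. The only path from the LAN to the Internet is via the redirects
# above; nothing from $int_if is ever forwarded out $ext_if directly.
block all

# Loopback: the redirected connections are delivered to Tor here.
pass quick on lo0 all

# Let the middlebox itself (where Tor runs) reach the Internet.
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any keep state

# Let LAN hosts talk to the middlebox (DHCP, SSH, and the redirected ports).
pass in on $int_if inet from $int_if:network to ($int_if) keep state
```

The matching torrc lines are `TransPort 127.0.0.1:9040`, `DNSPort 127.0.0.1:5353`, `VirtualAddrNetworkIPv4 10.192.0.0/10` and `AutomapHostsOnResolve 1`, and `net.inet.ip.forwarding` must be set to 1. Two things worth checking against the symptoms in the thread: Tor on FreeBSD recovers the original destination of a redirected connection through `/dev/pf`, so the Tor process needs access to that device; and inside a non-VNET jail, 127.0.0.1 is remapped to the jail's own address, so a host-side `rdr` to 127.0.0.1 lands on the host's loopback, where nothing is listening, which produces exactly a "Connection refused". In that case the redirect target has to be the jail's IP with Tor's TransPort bound to it.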
