No, my home router is only accessible from the LAN. So, if you are sure Tor really blocks the local address space, then I shouldn't need to use iptables. But I want to be sure first. I couldn't find anything about this in the online manual.

On Jul 4, 2011, at 9:19 PM, Tomas Sironi wrote:

> Hi people. I'm new with Tor and I'm very interested in this project.
> I'm now being a relay, only acting as middleman (no exits). I would like to contribute more by having some services as exit.
> However I'm concerned about security. The machine I'm running as a relay is a PC in my home. From it, I have access to my router's web interface. The problem if I act as an exit for the port 80, would be that anyone can log into (or try to) my home router just by pointing to its IP address. Am I right?

If the router interface is publicly accessible from the (outside) internet, then yes. If it's only available on the LAN, then no. By default tor blocks access to local address space, and I believe this is only not the case if it is set up as an exit enclave. For example, both of my routers have the following restrictions, even though I did not specify them in my torrc:

reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 97.102.75.60:*

> I've thought about using iptables to block outgoing connections from the relay to my router using
> iptables -A OUTPUT -d 192.168.15.1 -j DROP
> Not sure that's the correct line to do that. It blocks ping requests but I still can access the web interface of my router from that PC. Can anyone help me here?

I believe what you want is the following:

# /sbin/iptables -A OUTPUT -p tcp -d 192.168.15.1 --dport 80 -j DROP
# /sbin/service iptables save

Thanks for running an exit!

~Justin Aplin

Tomas Sironi
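
To check the question raised in this thread, the following added example (not code from the thread or from Tor itself) evaluates exit-policy lines with first-match semantics and reports whether a destination such as the router at 192.168.15.1:80 would be rejected. The `accept *:80` and `reject *:*` lines, the function names and the test address 203.0.113.10 are assumptions; only IPv4 `address/mask:port` rules are handled.

```python
import ipaddress

# Reject lines as quoted in the thread. The last two lines are assumed
# here to model an exit that only allows port 80.
POLICY = """\
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 97.102.75.60:*
accept *:80
reject *:*
"""

def parse_policy(text):
    """Turn 'accept|reject ADDR[/MASK]:PORT' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, target = line.split(None, 1)
        addr, _, ports = target.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        rules.append((action, net, lo, hi))
    return rules

def decide(rules, ip, port):
    """Return the action of the first rule matching ip:port."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action
    return "no-match"  # policy had no catch-all rule

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for dest in [("192.168.15.1", 80), ("203.0.113.10", 80), ("203.0.113.10", 22)]:
        print(dest, "->", decide(rules, *dest))
```

Because the first matching rule wins, an `accept *:80` placed above the private-range rejects would expose the router, so rule order matters as much as the rules themselves.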