[tor-bugs] #10582 [Tor]: Please add support for TPROXY for linux in TransProxy

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 7 22:58:05 UTC 2014


#10582: Please add support for TPROXY for linux in TransProxy
------------------------+-----------------
     Reporter:  thomo   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------

Comment (by thomo):

 TPROXY only works on a router; it doesn't work on the local machine. You
 still need to use NAT for that. But to test this, you do the following:

 Create a rule for a firewall mark for the traffic to look up a routing
 table,
 i.e.
 ip rule add fwmark 16 lookup 10

 Add a routing rule for the traffic to the lo device:
 ip route add local default dev lo table 10
 ip -6 route add local default dev lo table 10


 And tell the firewall to mark the packets:

 In ferm:
 domain (ip ip6) {
     table mangle {
         chain PREROUTING {
             CONNMARK restore-mark;
             # tproxy-mark must equal the fwmark matched by the ip rule (16)
             interface XXXX proto tcp dport (80 443) mod connmark mark 0 TPROXY on-port 9040 tproxy-mark 16;
             CONNMARK save-mark;
         }
     }
 }

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10582#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
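
The setup in the comment above only works when the mark set by the TPROXY rule is the same number that the `ip rule` matches with `fwmark`. The following check is an added example, not part of the original ticket or of Tor; it parses constructed sample output in the formats printed by `ip rule show` and `iptables-save -t mangle`, and the function names and the `eth0` interface are assumptions.

```python
import re

# Constructed sample output in the formats of `ip rule show` and
# `iptables-save -t mangle`; eth0 stands in for the ticket's XXXX interface.
IP_RULES = """\
0:\tfrom all lookup local
32765:\tfrom all fwmark 0x10 lookup 10
32766:\tfrom all lookup main
"""
MANGLE_OK = ("-A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j TPROXY "
             "--on-port 9040 --on-ip 0.0.0.0 --tproxy-mark 0x10/0xffffffff\n")
MANGLE_BAD = MANGLE_OK.replace("--tproxy-mark 0x10/", "--tproxy-mark 0xa/")


def parse_mark(text):
    """Split 'value[/mask]' into ints; base 0 accepts both 16 and 0x10."""
    value, _, mask = text.partition("/")
    return int(value, 0), int(mask, 0) if mask else 0xFFFFFFFF


def fwmark_rules(ip_rule_output):
    """Return (value, mask, table) for every policy rule that matches a mark."""
    found = re.findall(r"fwmark (\S+) lookup (\S+)", ip_rule_output)
    return [(*parse_mark(mark), table) for mark, table in found]


def tproxy_marks(iptables_save_output):
    """Return (mark, port) for every TPROXY rule in the saved ruleset."""
    marks = []
    for line in iptables_save_output.splitlines():
        if "-j TPROXY" not in line:
            continue
        mark = re.search(r"--tproxy-mark (\S+)", line)
        port = re.search(r"--on-port (\d+)", line)
        value, mask = parse_mark(mark.group(1)) if mark else (0, 0)
        marks.append((value & mask, int(port.group(1))))
    return marks


def unrouted_tproxy_rules(ip_rule_output, iptables_save_output):
    """TPROXY rules whose mark no fwmark rule matches; packets hitting them
    never take the 'local default dev lo' route to the listener."""
    rules = fwmark_rules(ip_rule_output)
    return [(mark, port) for mark, port in tproxy_marks(iptables_save_output)
            if not any((mark & m) == v for v, m, _ in rules)]
```

On a router, feed it the real output of the two commands; an empty list means every TPROXY rule has a matching policy-routing rule.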

