[tor-dev] Transparent proxying: automagically add firewall rules

Yawning Angel yawning at schwanenlied.me
Mon Jan 11 19:41:48 UTC 2016


On Mon, 11 Jan 2016 16:43:10 +0000
Rene Bartsch <ml at bartschnet.de> wrote:

> Hi,
> 
> transparent proxying to TOR Hidden Services is a great feature of the 
> TOR daemon when it comes to other applications/protocols than HTTP
> and surfing. It would also be great with privacy appliances (e.g.
> Mailpile using TOR as secure SMTP transport channel).
> 
> John Does have problems with such a setup because of the NAT firewall 
> rules.
> 
> So I suggest the TOR daemon should automagically set the necessary 
> NAT-rules on Windows, Linux and BSD when "TransPort" and 
> "VirtualAddrNetworkIPv[4|6]" are configured in torrc.

This is unlikely to happen because the "sensible automagic thing" will
probably break on various configurations, and more practically, tor
attempts to drop privileges as soon as possible leading it to be unable
to alter or clean up said rules on HUP/exit.

Others are free to disagree, patches will be evaluated if someone
writes them.

Regards,

-- 
Yawning Angel
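
An added illustration, not part of either message and not code from tor: the rule that "TransPort" plus "VirtualAddrNetworkIPv4" needs on Linux has to be added before tor starts and deleted after it exits, by something that still holds root, which is the cleanup problem the reply describes. The script below only prints the matching add/delete iptables commands derived from a torrc. The sample torrc values, the helper names and the choice of iptables are assumptions, and name resolution for the mapped addresses is not covered.

```shell
#!/bin/sh
# Added example: derive the NAT redirect for tor's TransPort from a torrc and
# print the add (-A) and delete (-D) forms. Nothing is executed; a root-owned
# wrapper (hypothetical) would run them around tor's lifetime.

# Constructed sample torrc; the values are assumptions, not from the thread.
sample_torrc() {
    cat <<'EOF'
# constructed sample
VirtualAddrNetworkIPv4 10.192.0.0/10
TransPort 127.0.0.1:9040
EOF
}

# torrc_value FILE KEY -> first argument of the last line that sets KEY.
torrc_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { v = $2 } END { print v }' "$1"
}

# nat_rules ACTION FILE -> one iptables command line on stdout.
# ACTION is -A to add the rule or -D to delete the identical rule.
nat_rules() {
    action=$1
    torrc=$2
    trans=$(torrc_value "$torrc" TransPort)
    net=$(torrc_value "$torrc" VirtualAddrNetworkIPv4)
    if [ -z "$trans" ] || [ -z "$net" ]; then
        echo "TransPort and VirtualAddrNetworkIPv4 must both be set" >&2
        return 1
    fi
    port=${trans##*:}   # accepts "9040" and "127.0.0.1:9040"
    case $port in
        ''|0|*[!0-9]*) echo "unsupported TransPort: $trans" >&2; return 1 ;;
    esac
    echo "iptables -t nat $action OUTPUT -p tcp -d $net -j REDIRECT --to-ports $port"
}

tmp=$(mktemp) && sample_torrc > "$tmp"
nat_rules -A "$tmp"   # needed before tor starts (root)
nat_rules -D "$tmp"   # needed after tor exits (root again)
rm -f "$tmp"
```

A TransPort value without a fixed port (for example "auto") is rejected, because the rule cannot be computed from the torrc alone in that case.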