[tor-relays] DNAT question

Softail black98fxstc at gmail.com
Fri Jul 15 17:56:33 UTC 2011


I'm trying to switch my ports from 9001/9030 to 443/80. The tor
configuration seems straightforward. I tried

/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9001 --jump ACCEPT
/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9030 --jump ACCEPT
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 443 --destination a.b.c.d --jump DNAT --to-destination :9001
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 80 --destination a.b.c.d --jump DNAT --to-destination :9030

but that doesn't seem to work. The OR and Dir ports are not reachable
from the outside. I assumed that PREROUTING happened before INPUT, but
I'm not really an expert on this. The firewall blocks everything else
inbound to that address but the two ports I opened. Do I need to open
443/80 on the INPUT chain as well, and if so, do I also need to keep
9001/9030 open?

CentOS 5.6 if that matters.

Thanks

-- 
A man in chains knows he should have acted sooner...
Julian Assange
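
Added example, not part of the original message: a dry-run script that prints the rule set with the DNAT match on the destination port (--dport) instead of --source-port, since clients connect to 443/80 from a random source port. It assumes tor keeps listening on 9001/9030; 192.0.2.10 and the RELAY_ADDR and APPLY variables are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) DNAT rules for a relay that
# is reached on 443/80 while tor keeps listening on 9001/9030.
# 192.0.2.10 is a constructed placeholder standing in for a.b.c.d.

IPT=/sbin/iptables

# Emit the DNAT rule and the matching filter rule for one port pair.
#   $1 = relay address, $2 = public port, $3 = port tor listens on
forward_port() {
    # nat/PREROUTING is traversed before filter/INPUT. The match has to be
    # on the destination port: the client's source port is ephemeral.
    echo "$IPT --table nat --append PREROUTING --protocol tcp --destination $1 --dport $2 --jump DNAT --to-destination :$3"
    # INPUT sees the packet after the rewrite, so it accepts the port tor
    # listens on, not the public port.
    echo "$IPT --append INPUT --protocol tcp --match state --state NEW --destination $1 --dport $3 --jump ACCEPT"
}

# Full rule set for one relay address.
relay_rules() {
    forward_port "$1" 443 9001   # OR port
    forward_port "$1" 80 9030    # Dir port
}

if [ "${APPLY:-0}" = 1 ]; then
    # Apply for real (needs root); stop at the first failing rule.
    relay_rules "${RELAY_ADDR:?set RELAY_ADDR to the relay address}" | sh -e
else
    # Default: dry run, only print the commands for review.
    relay_rules "${RELAY_ADDR:-192.0.2.10}"
fi
```

With these rules 443/80 need no INPUT rules of their own, because INPUT only ever sees the rewritten ports. The INPUT rules for 9001/9030 also admit connections made directly to those ports.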


