[tor-relays] TransPort: Convert iptables to pf

Corl3ss corl3ss at corl3ss.com
Mon Dec 26 14:32:00 UTC 2016


diffusae:
> Hello!
> 

Hi Diffusae


> Does anybody know how to convert this to pf rules in FreeBSD:
> 
> iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
> 
> I'm running a Tor client in a jail on a different IP and want to route
> only the .onion traffic through.
> 
> The DNS stuff is working fine, but I can't find a solution for the above
> iptables rule, which is working. I'd like to transparently do DNS and routing
> for .onion traffic on the network.
> 
> I looked into the wiki and also found some pf rules, which are routing
> all the traffic through Tor, but this only works locally.
> 
> The machine is on FreeBSD 11.0-STABLE. Tor is running in a jail with
> cloned loopback interface (lo1) and has also a private IP address on the
> main NIC.
> 


I am running a Tor node in a FreeBSD jail with the following pf rules:

scrub in all
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL

It passes the exit traffic to the public IP. The incoming traffic is
passed to the different jail IPs according to the port.

Be careful with the cloned interface and the /etc/hosts configurations
for your BSD and jails. Misconfiguration also often leads to network
problems.


> Maybe you have some hints.
> 
> Thanks a lot
> 
> Regards,
> 
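A pf translation of the iptables rule from the question, added here as an example; it is not Corl3ss's or diffusae's configuration. The interface name, the jail address, the DNSPort number and the torrc lines are assumptions; 10.192.0.0/10 and TransPort 9040 come from the question. It covers TCP traffic arriving on the LAN-facing interface from other hosts, which is what the question asks for; the iptables rule sits in the OUTPUT chain (the host's own traffic), and pf rdr only sees packets entering an interface, so the host's own connections are not covered by this fragment.

```pf
# /etc/pf.conf on the FreeBSD host (added example, not from the thread).
# Assumed: $int_if is the LAN-facing NIC, $IP_JAIL_TOR is the Tor jail's
# alias on that NIC, Tor listens on TransPort 9040 and DNSPort 5353.
int_if      = "em1"
IP_JAIL_TOR = "192.168.1.2"
ONION_NET   = "10.192.0.0/10"   # Tor's VirtualAddrNetworkIPv4 range

scrub in all

# LAN clients' DNS goes to Tor's DNSPort, so .onion names resolve to an
# address inside $ONION_NET (needs AutomapHostsOnResolve in torrc).
rdr pass on $int_if inet proto udp from $int_if:network to any port 53 \
    -> $IP_JAIL_TOR port 5353

# Equivalent of the iptables REDIRECT: TCP from the LAN to a mapped
# .onion address is handed to Tor's TransPort inside the jail.
rdr pass on $int_if inet proto tcp from $int_if:network to $ONION_NET \
    -> $IP_JAIL_TOR port 9040

# Anything else aimed at $ONION_NET (non-TCP, or a packet the rdr did not
# match) must not be forwarded anywhere; drop it.
block drop quick on $int_if inet from any to $ONION_NET

# Matching torrc inside the jail (also assumed); TransPort and DNSPort must
# bind the jail's address, not 127.0.0.1, or the rdr target is unreachable:
#   TransPort 192.168.1.2:9040
#   DNSPort 192.168.1.2:5353
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm the translation rules took with `pfctl -s nat`. From a LAN client, resolving a .onion name should now return an address in 10.192.0.0/10, and a TCP connection to that address should show up as a state towards 192.168.1.2:9040 in `pfctl -s state`.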
