Anonymous/Nonymous Communication Coexisting?

maillist maillist at piirakka.com
Tue Jun 14 19:25:08 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>
>>
>> #!/bin/sh
>>
>> # 192.168.10.1 = router
>> # 192.168.10.10 = workstation to proxy
>> # 192.168.10.1:3128 = Squid
>> # 192.168.10.1:1211 = Transsocks
>>
>>
>> INCLUDE="192.168.10.10"
>> EXCLUDE="192.168.0.0/16 127.0.0.1 10.12.77.0/24"
>>
>>
>> #Exceptions
>> for exception in ${EXCLUDE} ; do
>>         iptables -t nat -A PREROUTING --dst ${exception} -j RETURN
>> done
>>
>> #Avoid feedback loops
>> #iptables -t nat -A PREROUTING -m owner --cmd-owner transocks -j RETURN
>>
>> #Send to transocks
>> for host in ${INCLUDE} ; do
>>         #iptables -t nat -A PREROUTING -s ${host} -p tcp -j LOG --log-level info --log-prefix "SOCKSify "
>>         iptables -t nat -A PREROUTING -s ${host} -d ! 192.168.10.1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>         #iptables -t nat -A PREROUTING -s ${host} -p tcp --dport 80 -j DNAT --to 192.168.10.1:3128
>>         iptables -t nat -A POSTROUTING -s ${host} -d 192.168.10.1 -j SNAT --to-source 192.168.10.1
>>         iptables -t nat -A PREROUTING -s ${host} -p tcp -j REDIRECT --to-port 1211
>>         iptables -t nat -A PREROUTING -s ${host} -j DROP
>> done
>>
>> # Socksify traffic leaving this host:
>> #iptables -t nat -A OUTPUT -p tcp --syn -j PREROUTING
>>
>>
>> Markus
>>
>>
>
> I configured myself like this too.  Very nice. I have one problem left
> still. The machine on which the programs are, the router, doesn't want to
> connect via squid nor transocks, i.e. transparent proxying works only for
> the machines on the LAN, not the server/router itself.  Any hints?
> Here are the pertinent iptables rules, and as one can see nothing's
> hitting the OUTPUT chain:
>
> ~# iptables-save -c -t nat
> # Generated by iptables-save v1.2.11 on Fri Jun 10 10:59:23 2005
> *nat
> :PREROUTING ACCEPT [1204:84937]
> :POSTROUTING ACCEPT [1456:101425]
> :OUTPUT ACCEPT [0:0]
> :SOCKSIFY - [0:0]
> [101:5252] -A PREROUTING -s 192.168.167.0/255.255.255.0 -p tcp -m tcp \
> --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
> [0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j SOCKSIFY
> [768:43008] -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS \
> --clamp-mss-to-pmtu
> [0:0] -A POSTROUTING -s 192.168.167.0/255.255.255.0 -d ! \
> 192.168.167.0/255.255.255.0 -o ppp+ -j MASQUERADE
> [0:0] -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
> [0:0] -A SOCKSIFY -o lo -j RETURN
> [0:0] -A SOCKSIFY -p tcp -m tcp --dport 9055 -j RETURN
> [0:0] -A SOCKSIFY -d 66.240.11.101 -j RETURN
> [0:0] -A SOCKSIFY -d 143.247.254.11 -j RETURN
> [0:0] -A SOCKSIFY -d 143.247.253.10 -j RETURN
> [0:0] -A SOCKSIFY -d 216.239.64.140 -j RETURN
> [0:0] -A SOCKSIFY -d 209.237.230.66 -j RETURN
> [0:0] -A SOCKSIFY -d 206.241.31.21 -j RETURN
> [36:1872] -A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
> [0:0] -A SOCKSIFY -d 127.0.0.1 -j RETURN
> [0:0] -A SOCKSIFY -s 127.0.0.1 -j RETURN
> [65:3380] -A SOCKSIFY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG \
> --log-prefix "SOCKSify: " --log-level 6
> [65:3380] -A SOCKSIFY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
> [0:0] -A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
> COMMIT
> # Completed on Fri Jun 10 10:59:24 2005
>
>
> Many Thanks!
>
>
> Rescator
> (GingkoBiloba server)

Maybe iptables-mailinglist would help?

Markus

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE

iD8DBQFCry8Z6fSN8IKlpYoRAma+AJ489HUP9PpVcmIzWNya3jhZYVAKJgCgmLSn
1CH29anM0tAZ0ESvLFjkbL4=
=5tLp
-----END PGP SIGNATURE-----
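
An added example, not part of the original thread: a per-chain summary of the packet counters in an `iptables-save -c` dump, so that a chain whose rules never matched (OUTPUT in the dump quoted above) stands out. The function names are hypothetical and the sample dump is constructed, abridged from the quoted one.

```sh
#!/bin/sh
# Added example: per-chain summary of `iptables-save -c` rule counters.

# Constructed sample, abridged from the dump quoted in the thread.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [1204:84937]
:OUTPUT ACCEPT [0:0]
:SOCKSIFY - [0:0]
[101:5252] -A PREROUTING -s 192.168.167.0/255.255.255.0 -p tcp -m tcp \
--tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j SOCKSIFY
[0:0] -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SOCKSIFY
[36:1872] -A SOCKSIFY -d 192.168.167.0/255.255.255.0 -j RETURN
[65:3380] -A SOCKSIFY -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
[0:0] -A SOCKSIFY -p tcp -j REDIRECT --to-ports 1211
COMMIT
EOF
}

# Reads a dump on stdin; prints "CHAIN rules=<n> hit=<n> pkts=<n>" per chain,
# where hit is the number of rules with a non-zero packet counter.
chain_counters() {
    awk '
        # Rejoin rules that were wrapped with a trailing backslash.
        /\\ *$/ { sub(/\\ *$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        # Rule lines look like: [pkts:bytes] -A CHAIN match -j TARGET
        line ~ /^\[[0-9]+:[0-9]+\] -A / {
            split(line, f, " ")
            split(substr(f[1], 2, length(f[1]) - 2), n, ":")
            chain = f[3]
            if (!(chain in rules)) order[++k] = chain
            rules[chain]++
            pkts[chain] += n[1]
            if (n[1] > 0) hit[chain]++
        }
        END {
            for (i = 1; i <= k; i++) {
                ch = order[i]
                printf "%s rules=%d hit=%d pkts=%d\n", ch, rules[ch], hit[ch], pkts[ch]
            }
        }
    '
}

# Chains in which no rule has matched a single packet.
idle_chains() { chain_counters | awk '$3 == "hit=0" { print $1 }'; }

sample_dump | chain_counters
```

On a live router, pipe `iptables-save -c -t nat` into `chain_counters` instead of the sample.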



More information about the tor-talk mailing list