reconsidering default exit policy
Geoffrey Goodell
goodell at cassandra.eecs.harvard.edu
Fri Mar 11 00:24:55 UTC 2005

On Thu, Mar 10, 2005 at 05:38:59PM -0600, Wes Felter wrote:
> Geoffrey Goodell wrote:
>
> ># reject private networks (no surprises!) My understanding is that you
> ># might want to eliminate the 127.0.0.0/8 line if your kernel
> ># short-circuits connections to local services and if you want those
> ># services to be available to Tor users who happen to choose your Tor
> ># node as an exit... someone please correct me if this is wrong.
>
> I can't imagine why a kernel would rewrite destination addresses that
> way, but it doesn't matter since the kernel sees the packets after they
> come out of Tor. But I could imagine a case where the DNS resolver
> returns 127.0.0.1 when a machine looks up its own hostname (even though
> that doesn't sound like it should happen either).

This has nothing to do with DNS resolution. The point is that some
kernels short-circuit packets destined to IP addresses corresponding to
other interfaces of the machine. If I had such a kernel, and one
network interface configured as 140.247.62.119, then all packets
destined to 140.247.62.119 would be short-circuited to the loopback
interface.

I am not sure how to characterize which kernels have this "feature" and
which do not.

Geoff
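
An added example, not part of the original message: a small audit that checks whether an exit policy still permits connections to any address assigned to the relay itself, which is the case the message describes for 140.247.62.119. It assumes first-match-wins rules written as `accept|reject ADDR[/MASK]:PORT`; the function names, the policy lines and port 22 are constructed for illustration.

```python
import ipaddress

def parse_policy(lines):
    """Parse 'accept|reject ADDR[/MASK]:PORT' rules; '*' matches anything."""
    rules = []
    for line in lines:
        action, pattern = line.split()
        addr, _, port = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            ports = (1, 65535)
        else:
            lo, _, hi = port.partition("-")
            ports = (int(lo), int(hi or lo))
        rules.append((action, net, ports))
    return rules

def allowed(rules, ip, port):
    """First matching rule decides, as in an ordered exit policy."""
    ip = ipaddress.ip_address(ip)
    for action, net, (lo, hi) in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action == "accept"
    return False  # assumption of this example: no matching rule means reject

def exposed_local_addrs(rules, local_addrs, port):
    """Addresses of this machine that exit traffic could still reach."""
    return [a for a in local_addrs if allowed(rules, a, port)]

# Constructed sample: loopback plus the interface address from the message.
LOCAL_ADDRS = ["127.0.0.1", "140.247.62.119"]

# Constructed policy that rejects only private and loopback ranges.
PRIVATE_ONLY = parse_policy([
    "reject 127.0.0.0/8:*",
    "reject 10.0.0.0/8:*",
    "reject 172.16.0.0/12:*",
    "reject 192.168.0.0/16:*",
    "accept *:*",
])

# Same policy with the relay's own public address rejected first.
WITH_OWN_ADDR = parse_policy(["reject 140.247.62.119:*"]) + PRIVATE_ONLY

if __name__ == "__main__":
    print(exposed_local_addrs(PRIVATE_ONLY, LOCAL_ADDRS, 22))
    print(exposed_local_addrs(WITH_OWN_ADDR, LOCAL_ADDRS, 22))
```

Rejecting 127.0.0.0/8 alone leaves the public interface address reachable through the policy, so services bound to all interfaces stay exposed unless that address is rejected as well.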