Jailed/sandboxed/chrooted applications

Adlesshaven adlesshaven at embarqmail.com
Sat Jan 3 03:57:46 UTC 2009


> route-to sends it to the lo1 interface
> on the lo1 interface the IP it is heading to is changed to 127.0.0.1 
> port 9040
> some other rules to make sure nothing else gets out
>
> Is that it? It still seems very confusing.

I finally cracked it! This PF ruleset let me send a test request from
Firefox within a jail to Tor's TransPort (9040); the IP 127.0.0.2 is the
jail and an alias of lo0:

# Rewrite the jail's DNS (UDP and TCP) to port 53 on 127.0.0.1 once
# route-to has pushed the packets onto lo1
rdr pass on lo1 inet proto udp from any to port 53 -> 127.0.0.1 port 53
rdr pass on lo1 inet proto tcp from any to port 53 -> 127.0.0.1 port 53

# Rewrite the jail's HTTP to Tor's TransPort
rdr pass on lo1 inet proto tcp from any to port 80 -> 127.0.0.1 port 9040

# Divert the jail's (127.0.0.2) outgoing HTTP and DNS onto lo1 so the
# rdr rules above see them
pass out route-to lo1 inet proto tcp from 127.0.0.2 to port 80 flags S/SA modulate state
pass out route-to lo1 inet proto udp from 127.0.0.2 to port 53 keep state


Of course it needs to be expanded and modified for my purpose, but this
simple ruleset can be used as a better example for that than the complex but
complete one on the Wiki, I think.
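
The quoted reply mentions "some other rules to make sure nothing else gets out". As an added example that is not part of the original post or of Tor's own documentation, here is the posted ruleset carried through into a deny-by-default egress policy for the jail, with macros and a logged block rule so that any leak shows up on pflog0 instead of on the wire. Assumed: the FreeBSD-era PF syntax with separate rdr rules that the post uses, the jail at 127.0.0.2 aliased on lo0, Tor on 127.0.0.1 with TransPort 9040 and a DNSPort on 53. The macro names and the DNSPort value are assumptions to match against the running torrc, and port 443 is added beyond the post's port 80.

```pf
# Added example (not from the original post): the posted redirect extended
# into a deny-by-default egress policy for the jail.  Assumptions: rdr/nat
# syntax as in the post, jail address 127.0.0.2 aliased on lo0, Tor on
# 127.0.0.1 with TransPort 9040 and a DNSPort on 53 (the DNSPort value and
# the macro names are assumptions; match them to the running torrc).

jail_ip    = "127.0.0.2"
tor_host   = "127.0.0.1"
trans_port = "9040"
dns_port   = "53"
# TCP ports the jail may reach through Tor; 443 is added beyond the post's 80.
tor_tcp_ports = "{ 80, 443 }"

# --- translation (evaluated when the diverted packets re-enter on lo1) ---
# DNS over UDP or TCP goes to Tor's DNSPort, so the jail's resolver can
# never ask a clearnet server directly.
rdr pass on lo1 inet proto { tcp, udp } from $jail_ip to any port 53 \
    -> $tor_host port $dns_port
# Web traffic goes to the TransPort, which proxies it without SOCKS.
rdr pass on lo1 inet proto tcp from $jail_ip to any port $tor_tcp_ports \
    -> $tor_host port $trans_port

# --- filtering (last matching rule wins: "block" first, "pass" later) ---
# Everything the jail originates is dropped and logged unless a later rule
# diverts it onto lo1.  Watch for leaks with: tcpdump -n -e -ttt -i pflog0
block out log inet from $jail_ip to any

# Divert only the permitted flows onto lo1 for the rdr rules above.
pass out route-to lo1 inet proto tcp from $jail_ip to any port $tor_tcp_ports \
    flags S/SA modulate state
pass out route-to lo1 inet proto udp from $jail_ip to any port 53 keep state

# Syntax-check before loading:  pfctl -nf /etc/pf.conf
```

Load it with pfctl -f once pfctl -nf passes. Because the block rule is logged, a tcpdump on pflog0 should stay silent while the jailed browser is in use; anything that does appear there is a flow the rdr/route-to pair is not yet covering and would otherwise have left the host outside Tor.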



More information about the tor-talk mailing list