Yet another UDP / DNS question...

tagnaq tagnaq at gmail.com
Sun Feb 13 14:41:00 UTC 2011


On 02/13/2011 03:20 PM, Tomasz Moskal wrote:
> Do I have to use AutomapHostsOnResolve 1 as well? Seems to be pointless
> without defining AutomapHostsSuffixes.

No, it is not pointless, because even if you do not use
AutomapHostsSuffixes in your config, ".exit" and ".onion" are
AutomapHostsSuffixes by default.

> One more question: will those rules route all UDP traffic to port 53 or
> just DNS requests? What will happen with UDP not relating to DNS?

The UDP rules in the LocalRedirectionThroughTor section:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor

redirect only UDP packets with destination port 53 (usually DNS
requests) to the DNSPort. All other outgoing UDP traffic is
blocked/rejected with the last rule:
iptables -A OUTPUT -j REJECT

The penultimate rule:
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
would allow a program running with the $TOR_UID to send UDP traffic.

I would suggest adding -p tcp to that rule.
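
The check below is an added example, not part of the original message or the Tor wiki: it reads filter-table rules in `iptables -S OUTPUT` format and flags owner-based ACCEPT rules that are not limited to TCP, which is the gap the message points out. The function names, the sample rule sets and UID 109 (standing in for $TOR_UID) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OUTPUT rules for owner-based ACCEPTs not limited to TCP.
# Input:  rule lines in `iptables -S OUTPUT` format on stdin.
# Output: one "UNRESTRICTED: <rule>" line per offending rule.
# Exit status is 1 if any offending rule was found, 0 otherwise.
# On a live system (as root): iptables -S OUTPUT | audit_owner_accept

audit_owner_accept() {
    awk '
    /^-A OUTPUT / && /--uid-owner/ && /-j ACCEPT/ {
        has_tcp = 0
        for (i = 2; i < NF; i++) {
            # "-p tcp" counts only when it is not negated ("! -p tcp")
            if ($i == "-p" && $(i + 1) == "tcp" && $(i - 1) != "!")
                has_tcp = 1
        }
        if (!has_tcp) { print "UNRESTRICTED: " $0; bad = 1 }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: the two rules quoted in the message, as iptables -S
# would print them (UID 109 is a made-up value for $TOR_UID).
sample_before() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 109 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed sample: the same rules with "-p tcp" added to the owner rule.
sample_after() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 109 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Demo run: the first rule set is flagged, the second is clean.
sample_before | audit_owner_accept || true
sample_after | audit_owner_accept || true
```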

