[tor-talk] Making TOR exit-node IP address configurable

Robert Ransom rransom.8774 at gmail.com
Thu Mar 10 01:04:14 UTC 2011


On Wed, 09 Mar 2011 23:29:16 +0100
"Fabio Pietrosanti (naif)" <lists at infosecurity.ch> wrote:

> On 3/9/11 11:20 PM, Robert Ransom wrote:
> > Try running "man tor |grep -C5 OutboundBindAddress".
> 
> You didn't get the technical need; the need is to redirect only TOR-exit
> traffic.
> 
> OutboundBindAddress makes *all*, including intra-tor, communications go
> through that IP address:
> "Make all outbound connections originate from the IP address specified.
>  This is only useful when you have multiple network interfaces, and  you
>  want all of Tor’s outgoing connections to use a single one."
> 
> I've been thinking about a setting for TOR-Exit only traffic.
> 
> > 
> > But I'm not surprised that someone who wants to perform content
> > censorship on a Tor exit node is too clueless to find that Tor
> > configuration option, or to find out that iptables can apply different
> > rules to the user ID under which Tor is running.
> Yes, but that's more complex: with iptables you can redirect TCP ports,
> but from your TOR node not all traffic going for example to port 80 is
> http, but a lot of it is TOR.
> 
> If you redirect it to a transparent proxy you'll break intra-tor
> communications, and so you can't just make an easy redirect with iptables.

Ah!  Now I get it.  You want to censor non-HTTP connections on port 80,
and probably Google searches for "Robert'); DROP TABLE Students;--" (a
quote from one popular web comic) as well.

I've opened a relevant enhancement ticket.  See
<https://trac.torproject.org/projects/tor/ticket/2697>.


Robert Ransom