[tor-talk] glibc's DNS lookups fail
douglastskillern at lavabit.com
Tue Feb 14 22:34:55 UTC 2012
> On 2012-02-14, douglastskillern at lavabit.com
> <douglastskillern at lavabit.com> wrote:
>> Hello List,
>>
>> I am experiencing a strange problem for about two weeks or so.
>>
>> I am using GNU/Linux (Debian 6 x86-64) and Tor 0.2.2.35 built from
>> source.
>> I forward all my tcp traffic and udp traffic on port 53 to my tor
>> instance via netfilter.
>
> Are you using the iptables rules shown on
> https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy ?
Yeah, pretty much. I am able to reproduce my problem with a minimal
iptables setup, though.

function stop()
{
    # Re-open IPv6 and remove the NAT redirect chain
    ip6tables -P INPUT ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
    iptables -t nat -D OUTPUT -j MY_ANONYMIZE
    iptables -t nat -F MY_ANONYMIZE
    iptables -t nat -X MY_ANONYMIZE
}

function start()
{
    # Drop all IPv6 traffic
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT DROP
    ip6tables -P FORWARD DROP
    # Send locally generated UDP DNS queries to local port 9031
    iptables -t nat -N MY_ANONYMIZE
    iptables -t nat -A OUTPUT -j MY_ANONYMIZE
    iptables -t nat -A MY_ANONYMIZE -p udp --destination-port domain -j REDIRECT --to-ports 9031
}

iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE tcp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.179.0/24 !192.168.179.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.179.0/24 !192.168.179.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MY_ANONYMIZE all -- 0.0.0.0/0 0.0.0.0/0

Chain MY_ANONYMIZE (1 references)
target prot opt source destination
REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 9031

(The POSTROUTING stuff is due to a VM I have running.)
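
A check that can be run over a listing like the one above to confirm that locally generated UDP DNS reaches a REDIRECT rule, and to which port. This is an added example, not part of the original message. The function names and the embedded sample (reconstructed from the listing in the message) are assumptions, and the check does not evaluate rule ordering or earlier rules that might bypass the redirect.

```shell
#!/bin/sh
# Usage on a live system (as root): iptables -t nat -L -n | dns_redirect_port
# Prints the port that UDP/53 traffic from the OUTPUT chain is redirected to.
# Exits non-zero if no such redirect is reachable from OUTPUT.
dns_redirect_port() {
    awk '
        $1 == "Chain"             { chain = $2; next }
        $1 == "target" || NF == 0 { next }   # header and blank lines
        # A rule in OUTPUT matching all protocols or udp may jump to a user chain.
        chain == "OUTPUT" && ($2 == "all" || $2 == "udp") { jumped[$1] = 1 }
        # Remember the redirect port per chain for UDP destination port 53.
        $1 == "REDIRECT" && $2 == "udp" && /dpt:53( |$)/ {
            for (i = 1; i < NF; i++)
                if ($i == "ports") port[chain] = $(i + 1)
        }
        END {
            if ("OUTPUT" in port) { print port["OUTPUT"]; exit 0 }
            for (c in jumped)
                if (c in port) { print port[c]; exit 0 }
            exit 1
        }
    '
}

# Constructed sample: the nat table listing from the message, wrapped lines joined.
sample_ruleset() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.179.0/24 !192.168.179.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MY_ANONYMIZE all -- 0.0.0.0/0 0.0.0.0/0

Chain MY_ANONYMIZE (1 references)
target prot opt source destination
REDIRECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 9031
EOF
}

sample_ruleset | dns_redirect_port
```
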