On 02/12/2011 05:30 AM, Tomasz Moskal wrote:
> I was reading Transparently Routing Traffic Through Tor
> <https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy>
> and although I don't need to run Tor as a transparent proxy I like the
> idea of routing the UDP/DNS requests to localhost. If I reroute
> all those requests with iptables to the port on which Tor is
> listening I should have no problems with DNS leaking, right?

Yes, if you redirect DNS requests to Tor's DNSPort you should be safe against DNS leaks.

> 3. iptables
>
> iptables -t nat -A OUTPUT -o lo -j RETURN
> iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
> iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
> iptables -A OUTPUT -j REJECT

I guess you are talking about a local setup without a "middlebox" involved. If my assumption is correct, you want to refer to the following section in the document:

https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionThroughTor

As far as I can see, you copied parts of the iptables rules from the "middlebox" setup from this section:

https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy#LocalRedirectionandAnonymizingMiddlebox
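
An added example, not part of the original mail or of the Tor wiki: a small audit of a rule list for the points raised in this thread (a local udp/53 redirect in nat OUTPUT, a final catch-all in filter OUTPUT, and PREROUTING rules that belong to the middlebox case). The function names audit_dns_rules and sample_rules are hypothetical, and the sample input is the rule set quoted above with its variables left unexpanded.

```shell
#!/bin/sh
# Added example: audit iptables commands (one per line on stdin) for the
# DNS handling discussed in this thread.
audit_dns_rules() {
    redirect_port="" prerouting=0 last_filter_out="" status=0
    while IFS= read -r rule; do
        case "$rule" in
            *"-t nat"*"-A OUTPUT"*"-p udp"*"--dport 53 "*"-j REDIRECT"*)
                redirect_port=${rule##*--to-ports }
                redirect_port=${redirect_port%% *} ;;
            *"-t nat"*"-A PREROUTING"*)
                prerouting=$((prerouting + 1)) ;;
            *"-t nat"*) ;;                    # other nat rules are not audited
            *"-A OUTPUT"*)
                last_filter_out=$rule ;;      # no -t option means the filter table
        esac
    done
    if [ -n "$redirect_port" ]; then
        echo "ok: local udp/53 redirected to port $redirect_port (compare with DNSPort in torrc)"
    else
        echo "leak-risk: no nat OUTPUT redirect for udp/53"; status=1
    fi
    case "$last_filter_out" in
        "iptables -A OUTPUT -j REJECT"*|"iptables -A OUTPUT -j DROP"*)
            echo "ok: filter OUTPUT ends with a catch-all" ;;
        *)  echo "leak-risk: filter OUTPUT does not end with REJECT/DROP"; status=1 ;;
    esac
    if [ "$prerouting" -gt 0 ]; then
        echo "note: $prerouting PREROUTING rule(s) match only packets arriving on an interface, not locally generated ones"
    fi
    return $status
}

# Constructed sample input: the rules quoted in the mail above.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT
EOF
}

sample_rules | audit_dns_rules
```

To audit a different rule set, pipe the commands from your own firewall script into audit_dns_rules, one per line.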