Re: [tor-relays] ISP Nat
Thanks teor

> I would recommend using a caching resolver, it puts much less load on the
> remote resolvers you are using.

Went down this path - it's working.

Paul

609662E824251C283164243846C035C803940378
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
> On 14 Mar 2018, at 01:28, Paul Templeton wrote:
>
> Thanks nusenu
>
>> I'd say this is broken network and ask them to fix it.
> Ticket has been lodged but it takes for ever to get something done - The node
> has been off line for two weeks now (After a power issue in the rack). There
> has been issue after issue getting the system up again and now this. Was just
> wondering if you can force DNS requests on IPs 95.130.12.251 and/or
> 95.130.12.252 as they are not affected.

Tor doesn't have a DNS OutboundBindAddress, but there are two ways you can do it:
* change the default route to one of these IP addresses
* run a caching resolver, and tell it to bind to one of these IP addresses

I would recommend using a caching resolver, it puts much less load on the
remote resolvers you are using.

T
Re: [tor-relays] ISP Nat
Thanks nusenu

> I'd say this is broken network and ask them to fix it.

Ticket has been lodged but it takes for ever to get something done - The node
has been off line for two weeks now (After a power issue in the rack). There
has been issue after issue getting the system up again and now this. Was just
wondering if you can force DNS requests on IPs 95.130.12.251 and/or
95.130.12.252 as they are not affected.

If not I can run it as a middle for now... SIGH

Paul

609662E824251C283164243846C035C803940378
Re: [tor-relays] ISP Nat
>> Can you elaborate on your network topology and NAT?
>
> Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then
> out to the real world.

outbound:
[ 95.130.9.210 ] --> [outbound gw 95.130.9.1 ] --> [2nd hop 95.130.8.1 ] --> inet

> In bound traffic comes via 95.130.8.11 then 9.130.8.120

inbound:
[ 95.130.9.210 ] <-- [ 9.130.8.120 ] <-- [SNAT:95.130.8.11 ] <-- inet

> It's NATted at 95.130.8.11 and all I see is this address connected to the
> system(ie all connections show as 95.130.8.11).
>
> My /etc/network/interface - the DNS server is temporary for testing.

If I understood you correctly and they are simply replacing the source IP
of all incoming packets I'd say this is broken network and ask them to fix it.
(it will break more than just DNS resolution unless they are NATing only on
specific protocols [udp] and ports [53]).

> auto enp4s0
> iface enp4s0 inet static
>         address 95.130.9.210
>         netmask 255.255.255.255
>         network 95.130.9.210
>         broadcast 95.130.9.210
>         dns-nameservers 95.130.8.8 95.130.8.9
>         # Static route to the gateway
>         up ip route add 95.130.9.1 dev enp4s0
>         up ip route add default via 95.130.9.1
>
>         up ip addr add 95.130.12.251/24 dev enp4s0
>         up ip addr add 95.130.12.252/24 dev enp4s0

--
https://mastodon.social/@nusenu
twitter: @nusenu_
Re: [tor-relays] ISP Nat
> Can you elaborate on your network topology and NAT?

Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then
out to the real world.

In bound traffic comes via 95.130.8.11 then 9.130.8.120

It's NATted at 95.130.8.11 and all I see is this address connected to the
system(ie all connections show as 95.130.8.11).

My /etc/network/interface - the DNS server is temporary for testing.

auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
        address 95.130.9.210
        netmask 255.255.255.255
        network 95.130.9.210
        broadcast 95.130.9.210
        dns-nameservers 95.130.8.8 95.130.8.9
        # Static route to the gateway
        up ip route add 95.130.9.1 dev enp4s0
        up ip route add default via 95.130.9.1

        up ip addr add 95.130.12.251/24 dev enp4s0
        up ip addr add 95.130.12.252/24 dev enp4s0

# iface enp4s0 inet6 static
#        address 2a02:a80:0:1210::2
#        netmask 64
#        gateway 2a02:a80:0:1210::1

609662E824251C283164243846C035C803940378
Re: [tor-relays] ISP Nat
Paul Templeton:
> Hi All,
>
> I have an ISP who has started NATting inbound traffic and has screwed
> DNS resolution. Is there a way to bind DNS requests to use a specific
> IP address (Have multiple) that is not affected with this NATting
> problem.

Can you elaborate on your network topology and NAT?
With more information it will become easier for people to help you.

--
https://mastodon.social/@nusenu
twitter: @nusenu_
Re: [tor-relays] ISP Nat
> and has screwed DNS resolution.

;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.8#53
;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.9#53

This is the problem I'm having...

609662E824251C283164243846C035C803940378
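
An added example, not part of the original thread: a small probe that sends a DNS query from a chosen local source address and reports whether the reply came back from the resolver that was asked, which is the condition behind the "reply from unexpected source" lines above. The function names and the loopback `fake_resolver` stand-in are hypothetical and constructed for illustration.

```python
import secrets
import socket
import struct
import threading

def build_query(name):
    """Return (txid, packet) for a minimal recursive A-record query."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN

def probe(source_ip, resolver, name="example.com", timeout=2.0):
    """Query resolver (ip, port) from source_ip and classify where the reply came from."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((source_ip, 0))      # pin the local source address
        s.settimeout(timeout)
        s.sendto(packet, resolver)  # no connect(): a connected socket would silently
        try:                        # drop replies arriving from any other address
            data, peer = s.recvfrom(4096)
        except socket.timeout:
            return {"source": source_ip, "status": "timeout", "reply_from": None}
    if len(data) < 2 or struct.unpack("!H", data[:2])[0] != txid:
        status = "txid-mismatch"
    elif peer != tuple(resolver):
        status = "unexpected-source"
    else:
        status = "ok"
    return {"source": source_ip, "status": status, "reply_from": peer}

def fake_resolver(rewrite_source):
    """Constructed loopback stand-in: echoes the query as a response, optionally from
    a second socket to mimic a reply whose source was rewritten in transit."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx.bind(("127.0.0.1", 0))
    addr = rx.getsockname()
    def serve():
        data, client = rx.recvfrom(4096)
        reply = data[:2] + b"\x81\x80" + data[4:]  # same txid, QR|RD|RA flags
        (tx if rewrite_source else rx).sendto(reply, client)
        rx.close(); tx.close()
    threading.Thread(target=serve, daemon=True).start()
    return addr

if __name__ == "__main__":
    for rewrite in (False, True):
        print(probe("127.0.0.1", fake_resolver(rewrite)))
    # On the relay itself: probe(ip, ("95.130.8.8", 53)) for each local address.
```

Run once per local address, this shows which source addresses get replies from the expected resolver before a caching resolver is bound to one of them.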
[tor-relays] ISP Nat
Hi All,

I have an ISP who has started NATting inbound traffic and has screwed
DNS resolution. Is there a way to bind DNS requests to use a specific
IP address (Have multiple) that is not affected with this NATting
problem.

Paul

609662E824251C283164243846C035C803940378