Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-28 Thread diffusae
Hi!
On 29.12.2016 00:16, grarpamp wrote:
> On Wed, Dec 28, 2016 at 5:07 PM, diffusae wrote:
>> I needed the buildworld to create a jail with ezjail.
>
> If you break some of these down all they do is lay down
> an installworld in DESTDIR and run jail on it. Too heavy
>

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-28 Thread grarpamp
On Wed, Dec 28, 2016 at 5:07 PM, diffusae wrote:
> I needed the buildworld to create a jail with ezjail.
If you break some of these down all they do is lay down an installworld in DESTDIR and run jail on it. Too heavy for some who tar up / and /usr and lay them down

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-28 Thread diffusae
Hi! Thanks a lot for your hint.
On 28.12.2016 19:52, grarpamp wrote:
> Need to buildworld is rare and usually noted in UPDATING
> and kernel config files. make buildkernel will be much faster,
> and even faster if you strip out junk you don't need from the
> kernel config, which also speeds

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-28 Thread grarpamp
On Wed, Dec 28, 2016 at 11:07 AM, diffusae wrote:
> If you try a "build world" on the RPi itself, it took more than three
> days. ;-)
Need to buildworld is rare and usually noted in UPDATING and kernel config files. make buildkernel will be much faster, and even faster if

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-28 Thread diffusae
Hi!
On 26.12.2016 18:17, Corl3ss wrote:
> diffusae:
>> I've tried the same configuration with FreeBSD11 for armv6 (RPI-B), with
>> and without a jail and it only works locally and also dropped all other
>> network connections. I am not sure, if something is missing in RPI
>> ISO-Images

[tor-relays] TransPort: Convert iptables to pf _ nat

2016-12-27 Thread Felix
scrub in all
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL -> $IP_JAIL_TOR port $PORT_TOR_JAIL
That looks good. There is no "pass out quick" or "pass out on" statement?
Sure, there is.
pass out on $ext_if proto {

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-26 Thread Corl3ss
diffusae:
>>
>> I am running a Tor node in a FreeBSD jail with the following pf rules:
>>
>> scrub in all
>> nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB
>> rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_TOR_JAIL ->
>> $IP_JAIL_TOR port $PORT_TOR_JAIL
>
> That looks

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-26 Thread diffusae
Hi! Thanks for your reply.
On 26.12.2016 15:32, Corl3ss wrote:
>
> diffusae:
>> Hello!
>>
>
> Hi Diffusae
>
>
>> Does anybody know how to convert this to pf rules in FreeBSD:
>>
>> iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports
>> 9040
>>
>> I'm running a Tor client

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-26 Thread Corl3ss
diffusae:
> Hello!
>
Hi Diffusae
> Does anybody know how to convert this to pf rules in FreeBSD:
>
> iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports
> 9040
>
> I'm running a Tor client in a jail on a different IP and want to route
> only the .onion traffic through.
>

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-21 Thread diffusae
Hi! Thanks a lot for your reply.
On 21.12.2016 20:46, Ivan Markin wrote:
> diffusae:
>> I looked into the wiki and also found some pf rules, which are routing
>> all the traffic through Tor, but this only works locally.
>
> You're likely talking about this wiki:
>

Re: [tor-relays] TransPort: Convert iptables to pf

2016-12-21 Thread Ivan Markin
diffusae:
> I looked into the wiki and also found some pf rules, which are routing
> all the traffic through Tor, but this only works locally.
You're likely talking about this wiki:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox1
I've tried these rules for

[tor-relays] TransPort: Convert iptables to pf

2016-12-21 Thread diffusae
Hello!
Does anybody know how to convert this to pf rules in FreeBSD:
iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
I'm running a Tor client in a jail on a different IP and want to route only the .onion traffic through. The DNS stuff is working fine, but I can't