-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Wednesday, 8 May 2013 11:26 AM
To: [email protected]
Subject: Re: [Shorewall-users] Transparent Proxy

On 5/7/13 5:29 PM, [email protected] wrote:
> On Sunday, May 05, 2013 06:57:49 AM [email protected] wrote:
>>
>> I have a Tor gateway set up, and would like to route all traffic through it.
>> For security, different functions should use different Tor ports, so they
>> have different virtual circuits.
>>
>> I've assigned port 9110 to be the port for email. My mail client uses SSL
>> for email (POP3s: 995, sSMTP: 465), and I want to direct all accesses to/from
>> those ports through the Tor SOCKS port of 9110. This should mean that
>> the mail client sends an email out 465, which is then tunneled by Shorewall
>> (somehow) to 127.0.0.1:9110, and out the Tor network to the exit node, where
>> it then proceeds to the mail server listening on 465.
>>
>> Anyone know how I would do this in Shorewall?
>
> Anyone have input on this?
>
> Or has Benny Pedersen poisoned the well for me?

Firstly, is the mail client SOCKS aware? If it is not, then that is the issue you need to fix. If it is, then tell it to use the SOCKS proxy on port 9110.

Shorewall is an IPTables configurator, it is NOT a proxy. Shorewall isn't a magic bit of software that knows how to interface to a SOCKS proxy. You need a SOCKS-aware email client.

Using IPTables to redirect SSL traffic to a transparent proxy is a method that will guarantee to break every secure connection. If you get into the habit of accepting broken certs, then you are less, not more secure.

SSL and TLS need explicit proxying, not transparent proxying by IP redirect/nat into a waiting proxy.

Down this path thar be dragons.

I hope this helps.

T

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
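What "SOCKS aware" means on the wire, as an added example that is not part of the original thread: a SOCKS5 client (RFC 1928) names its destination in a CONNECT request before any TLS starts, while a connection redirected by a NAT rule begins directly with a TLS record that carries no such request. The hostname mail.example.org, the function names and the sample TLS bytes are constructed for illustration.

```python
import ipaddress
import struct

SOCKS5, CMD_CONNECT, TLS_HANDSHAKE = 0x05, 0x01, 0x16
# Constructed sample: first bytes of a TLS record (handshake, version 3.1).
SAMPLE_TLS_START = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

def socks5_connect(host, port):
    """Build VER CMD RSV ATYP DST.ADDR DST.PORT for a CONNECT request."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        name = host.encode("ascii")          # domain name form, length-prefixed
        if not 1 <= len(name) <= 255:
            raise ValueError("bad hostname length")
        atyp, addr = 0x03, bytes([len(name)]) + name
    return bytes([SOCKS5, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_connect(req):
    """What the proxy does: recover (host, port) from the client's request."""
    if len(req) < 7 or req[0] != SOCKS5 or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 0x03:
        n = req[4]
        host, rest = req[5:5 + n].decode("ascii"), req[5 + n:]
    elif atyp == 0x01:
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == 0x04:
        host, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return host, struct.unpack("!H", rest)[0]

def classify_first_bytes(data):
    """Label what a SOCKS listener receives at the start of a connection."""
    if not data:
        return "empty"
    if data[0] == SOCKS5:
        return "socks5"
    if data[0] == TLS_HANDSHAKE and len(data) >= 3 and data[1] == 0x03:
        return "tls-record"
    return "unknown"

if __name__ == "__main__":
    req = socks5_connect("mail.example.org", 465)
    print(classify_first_bytes(req), parse_connect(req))
    print(classify_first_bytes(SAMPLE_TLS_START))
```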
