From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-pf@freebsd.org
Date: Sun, 3 Mar 2013 17:47:54 -0500
Subject: Using pf and Tor DNS port

I am having problems setting up Tor's DNSPort using pf. In FreeBSD 8.x I was able to just run Tor with the "DNSPort 53" config file option with no problems.
Now, with 9.1, when I run it with that option, I get a permission denied error when trying to bind port 53 on localhost. I assume this is from tighter reserved port restrictions: now you must be root. Running Tor as root is not recommended, so I'm trying to forward all traffic from localhost port 53 to port 9053, where I have Tor configured to listen now.

I created a second loopback like so:

    ifconfig lo1 create up 127.0.0.2

I added the following two rules:

    rdr pass on lo1 inet proto udp to port domain -> 127.0.0.1 port 9053
    pass out quick route-to lo1 inet proto udp to port domain keep state

The above is not working. Any suggestions?
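The post above has no reply on this page, so the following pf.conf fragment is an added example, not the poster's rules or anything from the thread. It shows the mechanism the poster is reaching for: keep Tor unprivileged on its own DNSPort and let pf rewrite local port-53 queries to it, without a second loopback or route-to. It assumes Tor is configured with "DNSPort 9053" bound to 127.0.0.1, that /etc/resolv.conf contains "nameserver 127.0.0.1", that the external interface is em0 (a placeholder), and that lo0 is not covered by a "set skip on" line, since skipping lo0 bypasses pf on loopback entirely.

```conf
# Added example: /etc/pf.conf fragment redirecting local DNS to Tor's DNSPort.
# Assumptions (not from the thread): Tor has "DNSPort 9053" on 127.0.0.1,
# resolv.conf points at 127.0.0.1, ext_if is a placeholder for the real NIC,
# and there is NO "set skip on lo0" line anywhere in this file.

ext_if       = "em0"      # placeholder; replace with the real interface
tor_dns_port = "9053"     # Tor's unprivileged DNSPort (UDP only)

# Translation rules run before filter rules. rdr is evaluated on the INBOUND
# pass: a packet a local process sends to 127.0.0.1:53 goes out on lo0, loops
# back, and re-enters on lo0, which is where this rule rewrites the port.
# "rdr pass" also creates state, so no separate pass rule is needed.
rdr pass on lo0 inet proto udp from any to 127.0.0.1 port domain \
    -> 127.0.0.1 port $tor_dns_port

# Leak guard: plaintext DNS must never leave the host on the real interface.
# This is deliberately scoped to $ext_if and not to lo0, because on the
# outbound pass over lo0 the packet still carries port 53 (the rdr has not
# happened yet); a "block out ... port domain" without an interface would
# stop it before the redirect ever fires. Blocked packets are logged to pflog
# so any resolver that bypasses 127.0.0.1 shows up.
block out log quick on $ext_if inet proto { tcp udp } from any to any port domain
```

To check the result: `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -sn` lists the loaded rdr rule, `sockstat -4l | grep 9053` confirms Tor owns the DNSPort as a non-root user, and a query such as `dig @127.0.0.1 +short example.com` should answer while `pfctl -ss` shows a state for 127.0.0.1:53 translated to port 9053. If the query times out, the first thing to look for is a `set skip on lo0` line, which is common in FreeBSD pf.conf examples and silently disables the redirect.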