Date:      Mon, 04 Mar 2013 14:45:52 -0600
From:      CyberLeo Kitsana <cyberleo@cyberleo.net>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Using pf and Tor DNS port
Message-ID:  <51350800.2070803@cyberleo.net>
In-Reply-To: <CA+QLa9D9a=3XLtJKTiwi+9D_2b=Vgn7P+3ApD_R9x+jbnCrrhg@mail.gmail.com>
References:  <CA+QLa9D9a=3XLtJKTiwi+9D_2b=Vgn7P+3ApD_R9x+jbnCrrhg@mail.gmail.com>

On 03/03/2013 04:47 PM, Robert Simmons wrote:
> I am having problems setting up Tor's DNSPort using pf.  In FreeBSD
> 8.x I was able to just run Tor with the "DNSPort 53" config file
> option with no problems.  Now, with 9.1, when I run it with that
> option, I get a permission denied error when trying to bind port 53 on
> localhost.  I assume this is from tighter reserved port restrictions:
> now you must be root.  Running Tor as root is not recommended, so I'm
> trying to forward all traffic from localhost port 53 to port 9053
> where I have Tor configured to listen now.
> 
> I created a second loopback like so:
> ifconfig lo1 create up 127.0.0.2
> 
> I added the following two rules:
> rdr pass on lo1 inet proto udp to port domain -> 127.0.0.1 port 9053
> pass out quick route-to lo1 inet proto udp to port domain keep state
> 
> The above is not working.  Any suggestions?

I'm pretty sure any traffic that both originates and targets addresses
on the same machine will pass over lo0, regardless of which interface
possesses the addresses.  Try attaching your rdr rule to lo0 instead?

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/
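The following pf.conf fragment is an added illustration of the reply's suggestion, not part of the thread and not a configuration either poster published. It assumes Tor's torrc carries `DNSPort 9053` (Tor listening on 127.0.0.1 as an unprivileged user) and that /etc/resolv.conf points local resolvers at 127.0.0.1, so every loopback query to UDP port 53 is redirected to Tor's port without Tor ever binding a reserved port. It uses the rdr/pass syntax of the pf shipped with FreeBSD 9.x.

```pf
# Added example (not from the mailing-list thread).
# Assumes torrc contains "DNSPort 9053" and resolv.conf uses nameserver 127.0.0.1.

# Loopback traffic between local addresses is seen on lo0, so the rdr must sit
# on lo0 (the reply's point). A "set skip on lo0" line, common in default
# configs, would bypass this rule entirely and must NOT be present.
loop_dns_port = "9053"

# Inbound on lo0: any local client asking 127.0.0.1:53 is sent to Tor's DNSPort.
# "rdr pass" also admits the redirected packet, so no separate inbound rule is needed.
rdr pass on lo0 inet proto udp from 127.0.0.0/8 to 127.0.0.1 port domain \
    -> 127.0.0.1 port $loop_dns_port

# Outbound on lo0: allow the original query (pre-translation) to leave, stateful,
# so the reply from Tor is matched back to the client.
pass out quick on lo0 inet proto udp from 127.0.0.0/8 to 127.0.0.1 port domain \
    keep state
```

To confirm the setup after `pfctl -f /etc/pf.conf`: `sockstat -l4` should show Tor listening on 127.0.0.1:9053, `pfctl -sn` should list the rdr rule, and after a resolver query against 127.0.0.1 port 53, `pfctl -ss` should show a UDP state whose destination has been translated to port 9053. Keeping Tor on an unprivileged port and doing the translation in pf avoids running Tor as root, which is the risk the original poster wanted to avoid.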
