Date: Mon, 4 Mar 2013 12:09:34 +0100
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: Robert Simmons <rsimmons0@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Using pf and Tor DNS port
Message-ID: <20130304120934.1842869b@fabiankeil.de>
In-Reply-To: <CA%2BQLa9D9a=3XLtJKTiwi%2B9D_2b=Vgn7P%2B3ApD_R9x%2BjbnCrrhg@mail.gmail.com>
References: <CA%2BQLa9D9a=3XLtJKTiwi%2B9D_2b=Vgn7P%2B3ApD_R9x%2BjbnCrrhg@mail.gmail.com>

Robert Simmons <rsimmons0@gmail.com> wrote:

> I am having problems setting up Tor's DNSPort using pf. In FreeBSD
> 8.x I was able to just run Tor with the "DNSPort 53" config file
> option with no problems. Now, with 9.1, when I run it with that
> option, I get a permission denied error when trying to bind port 53 on
> localhost. I assume this is from tighter reserved port restrictions:
> now you must be root.

I'm reasonably sure that this was the default for 8.x as well.
Are you sure you are using the same configuration?

> Running Tor as root is not recommended, so I'm
> trying to forward all traffic from localhost port 53 to port 9053
> where I have Tor configured to listen now.
>
> I created a second loopback like so:
> ifconfig lo1 create up 127.0.0.2
>
> I added the following two rules:
> rdr pass on lo1 inet proto udp to port domain -> 127.0.0.1 port 9053
> pass out quick route-to lo1 inet proto udp to port domain keep state
>
> The above is not working. Any suggestions?

Without knowing how it's not working and what the rest of the
rules look like, it's hard to come up with specific suggestions.

I don't need the port restrictions on my Tor-running systems
and thus just set:

net.inet.ip.portrange.reservedhigh=52

and let Tor bind to 53 directly.

Fabian