Using pf and Tor DNS port

CyberLeo Kitsana cyberleo at cyberleo.net
Mon Mar 4 20:54:10 UTC 2013


On 03/03/2013 04:47 PM, Robert Simmons wrote:
> I am having problems setting up Tor's DNSPort using pf.  In FreeBSD
> 8.x I was able to just run Tor with the "DNSPort 53" config file
> option with no problems.  Now, with 9.1, when I run it with that
> option, I get a permission denied error when trying to bind port 53 on
> localhost.  I assume this is from tighter reserved port restrictions:
> now you must be root.  Running Tor as root is not recommended, so I'm
> trying to forward all traffic from localhost port 53 to port 9053
> where I have Tor configured to listen now.
> 
> I created a second loopback like so:
> ifconfig lo1 create up 127.0.0.2
> 
> I added the following two rules:
> rdr pass on lo1 inet proto udp to port domain -> 127.0.0.1 port 9053
> pass out quick route-to lo1 inet proto udp to port domain keep state
> 
> The above is not working.  Any suggestions?

I'm pretty sure any traffic that both originates and targets addresses
on the same machine will pass over lo0, regardless of which interface
possesses the addresses.  Try attaching your rdr rule to lo0 instead?

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo at CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/
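A configuration applying that suggestion, added here as an example and not taken from either message: the rdr is attached to lo0 and the extra lo1 interface and route-to rule are dropped. The 127.0.0.1 address and port 9053 come from the original question; the file paths and the surrounding minimal ruleset are assumptions.

```conf
# /usr/local/etc/tor/torrc  (added example, not from the thread)
# Tor stays unprivileged: it binds the DNS resolver to a port above 1024.
DNSPort 127.0.0.1:9053

# /etc/pf.conf  (added example, not from the thread)
# Local-to-local packets traverse lo0 regardless of which loopback
# interface holds the address, so the redirect belongs on lo0.
# If a default "set skip on lo0" line is present it must be removed,
# otherwise pf never sees the packets this rule is meant to catch.
rdr pass on lo0 inet proto udp from 127.0.0.0/8 to port domain -> 127.0.0.1 port 9053

# Allow the redirected query to reach Tor and keep state for the reply.
pass out quick on lo0 inet proto udp to port domain keep state
pass in  quick on lo0 inet proto udp to 127.0.0.1 port 9053 keep state

# /etc/resolv.conf  (added example, not from the thread)
# Point the local resolver at the loopback so queries hit the rdr rule.
nameserver 127.0.0.1
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s nat` afterwards shows whether the rdr is installed on lo0; `sockstat -4 -l | grep 9053` confirms Tor is actually listening where the redirect points.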
