[e-privacy] configurazione server tor con ORPort 443

TimM timtorrelay at insicuri.net
Tue May 13 23:25:31 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marco Bonetti ha scritto:
> Marco Bonetti wrote:
>> in teoria basterebbe solo la regola che interessa la tabella di
>> nat
> mi correggo, prova con questa regola al posto della precedente:
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT
> --to-ports 9090
>
Niente, non riesco a farlo andare... resettando le regole e mettendo
solo quella del nat va, se no niente. Posto lo script di iptables,
magari qualcuno riesce a trovare l'errore:

-
------------------------------------------------------------------------------
#Variables: the iptables binary and the interface names the rules refer to
IPT='/sbin/iptables'    # absolute path, so the script does not depend on PATH
IFLO='lo'               # loopback interface
IFEXT='eth0'            # external (Internet-facing) interface
#Load the netfilter kernel modules, in the same order as the original list
        for mod in \
                ip_tables iptable_nat ip_conntrack ip_conntrack_ftp ip_nat_ftp \
                ipt_LOG ipt_MARK ipt_MASQUERADE ipt_REDIRECT ipt_REJECT ipt_TOS \
                ipt_limit ipt_mac ipt_mark ipt_multiport ipt_state ipt_tos \
                iptable_mangle
        do
                # one modprobe call per module; a failure does not stop the loop
                modprobe "$mod"
        done

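#Default policies
#Set before the flush: otherwise the filter table sits empty under whatever
#policy was loaded before, and if that was ACCEPT the host is briefly
#unfiltered. With the policy applied first the script fails closed.
        "$IPT" -P INPUT   DROP
        "$IPT" -P FORWARD DROP
        "$IPT" -P OUTPUT  ACCEPT
        "$IPT" -t nat -P PREROUTING ACCEPT

#Reset: flush all rules (-F) and delete user-defined chains (-X) in the
#filter, nat and mangle tables
        for tbl in filter nat mangle; do
                "$IPT" -t "$tbl" -F
                "$IPT" -t "$tbl" -X
        done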

#Loopback traffic: accept everything entering or leaving through $IFLO
       "$IPT" --append INPUT  --in-interface  "$IFLO" --jump ACCEPT
       "$IPT" --append OUTPUT --out-interface "$IFLO" --jump ACCEPT

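#Reply traffic: accept packets arriving on the external interface that belong
#to, or are related to, a connection conntrack already tracks.
#The mail client wrapped each rule after "--state", which leaves
#"ESTABLISHED,RELATED -j ACCEPT" on a line of its own; the rules are rejoined
#here with an explicit continuation. Protocol order (tcp, icmp, udp) is kept.
        for proto in tcp icmp udp; do
                "$IPT" -A INPUT -p "$proto" -i "$IFEXT" -s 0/0 \
                        -m state --state ESTABLISHED,RELATED -j ACCEPT
        done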

[cut]
una serie di regole dove apro in input le porte relative ai servizi che ho
attivi; tutte del tipo:
       $IPT -A INPUT -p xxx --dport 000 -j ACCEPT
[cut]

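#Relay Tor
        #ORPort: connections arrive on 443 and are redirected to local port
        #9090 (presumably the port Tor is bound to; confirm against torrc).
        #The mail wrapped "--to-ports 9090" onto its own line and PGP
        #dash-escaped it ("- --to-ports"); the rule is rejoined here.
        "$IPT" -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 9090

        #REDIRECT is applied in nat/PREROUTING, before the filter table, so
        #the INPUT chain sees these packets with destination port 9090, not
        #443. With the INPUT policy set to DROP, the redirected connections
        #are discarded unless the post-redirect port is accepted.
        "$IPT" -A INPUT -p tcp --dport 9090 -j ACCEPT
        #NOTE(review): this rule also makes 9090 reachable directly from
        #outside. To accept only redirected connections, the rule could match
        #on the conntrack DNAT state instead (-m conntrack --ctstate DNAT);
        #verify that the match is available on this kernel.

        #Earlier attempts, kept for reference. The 443 INPUT rule is not
        #needed, since INPUT never sees port 443 after the redirect.
        #IP="192.168.1.30"
        #$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
        #$IPT -t nat -A PREROUTING -p tcp -d $IP --dport 443 -j DNAT --to-destination $IP:9090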
-
----------------------------------------------------------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIKgdIWP3l6zpcOBcRAgMXAJ9QxjsPhROtUjR13KqSNU1sB+EVgACfY3wv
lLPqy8Brh5kpS+vciEBUujw=
=tOa6
-----END PGP SIGNATURE-----



