Using pf and Tor DNS port
Fabian Keil
freebsd-listen at fabiankeil.de
Mon Mar 4 11:21:40 UTC 2013
Robert Simmons <rsimmons0 at gmail.com> wrote:
> I am having problems setting up Tor's DNSPort using pf. In FreeBSD
> 8.x I was able to just run Tor with the "DNSPort 53" config file
> option with no problems. Now, with 9.1, when I run it with that
> option, I get a permission denied error when trying to bind port 53 on
> localhost. I assume this is from tighter reserved port restrictions:
> now you must be root.
I'm reasonably sure that this was the default for 8.x as well.
Are you sure you are using the same configuration?
> Running Tor as root is not recommended, so I'm
> trying to forward all traffic from localhost port 53 to port 9053
> where I have Tor configured to listen now.
>
> I created a second loopback like so:
> ifconfig lo1 create up 127.0.0.2
>
> I added the following two rules:
> rdr pass on lo1 inet proto udp to port domain -> 127.0.0.1 port 9053
> pass out quick route-to lo1 inet proto udp to port domain keep state
>
> The above is not working. Any suggestions?
Without knowing how it's not working and what the rest of the
rules look like, it's hard to come up with specific suggestions.
I don't need the port restrictions on my Tor-running systems
and thus just set: net.inet.ip.portrange.reservedhigh=52
and let Tor bind to 53 directly.
Fabian
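The two approaches in this thread side by side, as an added example that is not code from either poster: a small POSIX sh script that decides whether an unprivileged Tor can bind a given DNSPort under the reserved-port sysctls, shows how many ports Fabian's reservedhigh=52 setting unreserves as a side effect, and emits a pf rdr fragment for the high-port alternative. The sysctl values are passed in as arguments so it runs anywhere; the pf lines (lo0, 127.0.0.1) are an assumed layout, not a tested ruleset.

```shell
#!/bin/sh
# Added example, not from the thread. On FreeBSD the live values come from:
#   sysctl -n net.inet.ip.portrange.reservedlow    (default 0)
#   sysctl -n net.inet.ip.portrange.reservedhigh   (default 1023)

# port_is_reserved PORT LOW HIGH -> exit 0 when only root may bind PORT.
port_is_reserved() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# unreserved_by_lowering OLD_HIGH NEW_HIGH -> how many ports become bindable
# by any local user when reservedhigh is lowered. Dropping it from 1023 to 52
# for Tor's sake also unreserves 53..1023, i.e. 971 ports, not just port 53.
unreserved_by_lowering() {
    echo $(( $1 - $2 ))
}

# choose_approach DNSPORT LOW HIGH -> "direct" when Tor can bind DNSPORT as an
# unprivileged user, "rdr" when a pf redirect to a high port is needed instead.
choose_approach() {
    if port_is_reserved "$1" "$2" "$3"; then
        echo rdr
    else
        echo direct
    fi
}

# tor_dns_pf_rules DNSPORT -> pf.conf lines that hand local UDP/53 lookups to
# a Tor DNSPort on 127.0.0.1:DNSPORT. Assumption: local traffic to 127.0.0.1
# is seen inbound on lo0, so the rdr applies; verify with "pfctl -s state".
tor_dns_pf_rules() {
    cat <<EOF
rdr pass on lo0 inet proto udp from any to 127.0.0.1 port domain -> 127.0.0.1 port $1
pass out quick on lo0 inet proto udp to 127.0.0.1 port $1 keep state
EOF
}

# Stand-alone run with the FreeBSD defaults and Fabian's lowered value.
if [ "${1:-}" = "demo" ]; then
    echo "port 53 with defaults:        $(choose_approach 53 0 1023)"
    echo "port 53 with reservedhigh=52: $(choose_approach 53 0 52)"
    echo "ports unreserved by that:     $(unreserved_by_lowering 1023 52)"
    tor_dns_pf_rules 9053
fi
```

Run with `sh script.sh demo` to print the decision for both settings and the rdr fragment.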