On 2013-10-13 06:42, Tor Operator wrote:
> My current iptables looks like this:
>
> # Generated by iptables-save v1.4.7 on Sat Oct 12 13:52:47 2013
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> -A OUTPUT -j ACCEPT
> COMMIT
>
> What are the real listening ports of Tor?
>
> I tried adding the following rules without success:
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-ports 10091
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j REDIRECT --to-ports 10090
These rules look ok, but if you use ports 10090/10091 you have to enable them too (not 9001/9030 like above):
iptables -A INPUT -p tcp -m tcp --dport 10090 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10091 -j ACCEPT
Verify that Tor is listening on the desired port:
'netstat -plnt|grep tor'
Check your 'torrc' for the following lines:
ORPort 443
ORListenAddress 0.0.0.0:10090
DirPort 80
DirListenAddress 0.0.0.0:10091
And - like elrippo said: the iptables policy should be 'DROP':
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
Check it out: 'iptables -L -nv'.
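The two mistakes discussed in this thread (REDIRECT targets that the INPUT chain never accepts, and a default policy that is still ACCEPT) are easy to check mechanically against an `iptables-save` dump. The script below is an added example written for this page; it is not from the thread or from the Tor project. It parses the iptables-save text format, finds the ports that nat PREROUTING REDIRECT rules point at, and confirms that filter INPUT has a matching TCP ACCEPT rule for each and that the INPUT and FORWARD policies are DROP. The sample dump is constructed to mirror the ruleset quoted above plus the two NAT rules; a second dump applies the fixes suggested in the reply.

```python
"""Audit an iptables-save dump for a Tor relay that remaps its ORPort/DirPort.

Added example (not the thread's own code). Assumptions: the input is the
iptables-save text format; port redirection is done with -j REDIRECT in
the nat PREROUTING chain; the filter INPUT/FORWARD policies should be DROP.
"""
import re

# Constructed sample: the original poster's filter table plus the two
# NAT rules from the thread, before the reply's fixes were applied.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10091
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10090
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j ACCEPT
COMMIT
"""

# Same dump with the reply's fixes: DROP policies and ACCEPT rules for the
# ports the REDIRECT rules actually deliver traffic to.
FIXED_DUMP = (
    SAMPLE_DUMP
    .replace(":INPUT ACCEPT", ":INPUT DROP")
    .replace(":FORWARD ACCEPT", ":FORWARD DROP")
    .replace(
        "--dport 9030 -j ACCEPT\n",
        "--dport 9030 -j ACCEPT\n"
        "-A INPUT -p tcp -m tcp --dport 10090 -j ACCEPT\n"
        "-A INPUT -p tcp -m tcp --dport 10091 -j ACCEPT\n",
    )
)


def parse_dump(text):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, rule)]}}."""
    tables = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                 # table header, e.g. *filter
            current = line[1:]
            tables[current] = {"policy": {}, "rules": []}
        elif line == "COMMIT":
            current = None
        elif current is None:
            continue
        elif line.startswith(":"):               # chain header with policy
            chain, policy = line[1:].split()[:2]
            tables[current]["policy"][chain] = policy
        elif line.startswith("-A "):             # append rule to chain
            tables[current]["rules"].append((line.split()[1], line))
    return tables


def redirect_targets(tables):
    """Ports that nat PREROUTING REDIRECT rules hand inbound TCP to."""
    targets = set()
    for chain, rule in tables.get("nat", {}).get("rules", []):
        if chain == "PREROUTING" and "-j REDIRECT" in rule:
            m = re.search(r"--to-ports\s+(\d+)", rule)
            if m:
                targets.add(int(m.group(1)))
    return targets


def accepted_tcp_ports(tables):
    """Destination ports explicitly accepted for TCP in filter INPUT."""
    ports = set()
    for chain, rule in tables.get("filter", {}).get("rules", []):
        if chain == "INPUT" and rule.endswith("-j ACCEPT"):
            m = re.search(r"-p tcp.*--dport\s+(\d+)", rule)
            if m:
                ports.add(int(m.group(1)))
    return ports


def audit(text):
    """Return findings as strings; an empty list means the dump is consistent."""
    tables = parse_dump(text)
    findings = []
    # REDIRECT rewrites the destination port before filter INPUT sees the
    # packet, so INPUT must accept the *target* port, not 80/443.
    for port in sorted(redirect_targets(tables) - accepted_tcp_ports(tables)):
        findings.append(f"REDIRECT target port {port} has no INPUT ACCEPT rule")
    for chain in ("INPUT", "FORWARD"):
        policy = tables.get("filter", {}).get("policy", {}).get(chain)
        if policy != "DROP":
            findings.append(f"filter {chain} policy is {policy}, expected DROP")
    return findings


if __name__ == "__main__":
    for name, dump in (("original", SAMPLE_DUMP), ("fixed", FIXED_DUMP)):
        print(f"{name}: {audit(dump) or 'OK'}")
```

On a live host, feed the real dump with `iptables-save | python3 audit.py` style piping (read `sys.stdin` instead of the constructed strings). The audit only reads the dump; it does not modify rules, and it checks INPUT and FORWARD because those are the chains that decide whether the redirected relay traffic is admitted.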