Noino wrote:
Pascal Hambourg wrote:
I confirm. On 2.6 kernels < 2.6.11 and 2.4 kernels < 2.4.29 this
option must be enabled in order to do local NAT on loopback.
Oops, dunno why I added "on loopback". Please ignore it.
Merci, Pascal; that would explain why I had so little success...
Still, is there a way to achieve local port redirection without that
option set, maybe by combining DNAT, SNAT, REDIRECT in some astute way?
AFAIK, not with Netfilter NAT. SNAT won't work on return packets.
But this is possible with userland relay daemons such as stone or socat,
if the original port (i.e. UDP 53 here) is not used by another process.
The drawback of this method is that it hides the original client address
from the final server, but this is not an issue for loopback use.
Does it make things easier if I arrange for Tor to listen on the IP
associated with the ethernet adapter rather than localhost? Or even
listen on 0.0.0.0?
Not sure what you mean. Changing the address won't fix the UDP port
reverse-translation issue.
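The userland relay approach mentioned in the reply above, sketched as a minimal UDP relay (an added example, not part of the original message and not the code of stone or socat). It assumes loopback-only use and ephemeral ports instead of UDP 53 so it runs unprivileged; all function and variable names are hypothetical. It shows both effects discussed: the reply reaches the client from the port it originally addressed, and the final server sees the relay's address rather than the client's.

```python
import select
import socket
import threading

LOOPBACK = "127.0.0.1"  # assumption: relay and server share one host, as in the thread

def udp_relay(front, backend_addr, stop):
    """Forward datagrams arriving on `front` to backend_addr and route replies back."""
    upstream = {}  # client address -> socket the relay uses toward the backend
    owner = {}     # that socket -> client address, for the return path
    while not stop.is_set():
        readable, _, _ = select.select([front, *owner], [], [], 0.1)
        for sock in readable:
            data, peer = sock.recvfrom(65535)
            if sock is front:
                if peer not in upstream:
                    up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                    up.connect(backend_addr)  # only accept replies from the backend
                    upstream[peer], owner[up] = up, peer
                upstream[peer].send(data)
            else:
                front.sendto(data, owner[sock])  # reply leaves from the original port
    for up in owner:
        up.close()

def bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))  # ephemeral port so the demo needs no privileges
    s.settimeout(2)
    return s

def demo():
    """Send one constructed query through the relay; report the addresses each side saw."""
    backend, front, client = bound_socket(), bound_socket(), bound_socket()
    addrs = {"client": client.getsockname(), "front": front.getsockname()}
    stop = threading.Event()
    relay = threading.Thread(target=udp_relay, args=(front, backend.getsockname(), stop))
    relay.start()
    try:
        client.sendto(b"query", addrs["front"])
        request, addrs["seen_by_backend"] = backend.recvfrom(65535)
        backend.sendto(b"answer", addrs["seen_by_backend"])
        reply, addrs["reply_source"] = client.recvfrom(65535)
    finally:
        stop.set()
        relay.join()
        for s in (backend, front, client):
            s.close()
    return request, reply, addrs

if __name__ == "__main__":
    print(demo())
```

Because the backend only ever sees the relay's own socket as the source, any per-client logging or access control on the final server has to be done at the relay instead.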