You don't even need socat. You could do it all with pf. Except for DNS, though, you'd have to block outbound DNS traffic to maintain anonymity.

J. Stuart McMurray

On Thu, Apr 18, 2013 at 10:17 PM, Juan Francisco Cantero Hurtado <i...@juanfra.info> wrote:

> On Thu, Apr 18, 2013 at 10:35:53PM -0000, fek...@tormail.org wrote:
> > I want to create a Tor hidden server, which people SSH into over Tor.
> > Users could discover the IP server by running traceroute. To stop this I
> > have added a simple rule to pf.conf based off "helping traceroute".
> > Otherwise they could just build or run their own binary traceroute.
> >
> > block on em0 inet proto udp to port 33433 >< 33626
> >
> > This appears to work, but couldn't traceroute be built to use other UDP
> > ports? Perhaps I should block all UDP ports, it is no big loss really.
> >
> > Is there anything else I should take into consideration when trying to
> > prevent a server from being discovered? The server will be behind a NAT
> > with only a LAN address.
> >
>
> Tor is a TCP-only network. UDP will never work.
>
> Cheers.
>
> --
> Juan Francisco Cantero Hurtado http://juanfra.info
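
A default-deny egress policy covers the points raised in this thread (traceroute on any port or protocol, all UDP, outbound DNS) without listing port ranges. This pf.conf sketch is an added example, not a ruleset posted by anyone in the thread; `em0` is the interface named in the original question, while the `_tor` daemon user, a statically configured LAN address (no DHCP) and an sshd reached only through the hidden service on 127.0.0.1 are assumptions.

```pf
# Added example (constructed), not from the thread.
# em0 is the interface named in the original question.
ext_if = "em0"

# Tor hands hidden-service connections to sshd over loopback,
# so loopback traffic is left unfiltered.
set skip on lo

# Default deny in both directions. Dropped packets are logged to pflog0,
# so a login user probing for the public IP (traceroute, DNS lookups,
# direct TCP connections) shows up in the log.
block drop log all

# The only permitted egress: TCP connections opened by the Tor daemon.
# "_tor" is an assumed daemon user name; adjust to the account Tor runs as.
# Sockets owned by any other user (including users who logged in over SSH)
# do not match and fall through to the block rule above.
pass out on $ext_if inet proto tcp all user _tor

# Nothing else is passed: UDP (classic traceroute, DNS), ICMP (traceroute -I,
# ping) and TCP from non-Tor users are all dropped by the default rule.
```

Load it with `pfctl -f /etc/pf.conf` and watch dropped packets with `tcpdump -n -e -ttt -i pflog0`.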