Nick Mathewson: > On Sep 3, 2012 2:21 PM, "adrelanos" <adrela...@riseup.net> wrote: >> >> intrigeri: >>> Hi, >>> >>> Nick Mathewson wrote (30 Aug 2012 15:10:52 GMT) : >>>> or using some kind of iptables trickery? >>> >>> I'm not sure how doable it is to use iptables to convert HTTP proxying >>> to SOCKS, but I'd be happy to learn :) >> >> Iptables can not translate from one protocol to another. > > But it can forward connections to a transparent proxy -- like, say, Tor's > TransPort feature. The tricky part here would be coming up with a way to > forward only the correct connections.
I'd certainly help with rule creation, I experimented already with it. The safest thing would be probable to start each application under their own user account, or using other iptables -owner features, perhaps in conjunction with a per destination port. But like said before, I don't think this is a good solution. > Failing that, torsocks is indeed a way pretty good option. > I don't think so. It's only a hack. Doesn't work on Windows. It can be sufficient for distributions such as Tails or aos. For end users it's much too hard to use torsocks for stream isolation. A clean solution is much desirable. Reasons: It has an IPv6 leak bug. https://trac.torproject.org/projects/tor/wiki/doc/torsocks#WorkaroundforIPv6leakbug A patch flooding all console output (and therefore breaking applications based on console applications) is still not merged upstream. https://code.google.com/p/torsocks/issues/detail?id=3 Fortunately intrigeri merged it into Debian. Torsocks / usewithtor does not support choosing to which Tor SocksPort you want to redirect. We need this to utilize stream isolation. I wrote a hack. https://trac.torproject.org/projects/tor/wiki/doc/torsocks It's far from perfect. Still requires a wrapper. How else people could transparently use apt-get with stream isolation, without issuing torsocks themselves. I mean, without a wrapper they had to use 'torsocks apt-get' instant of a simple 'apt-get'. For more reasons please referrer to my last mail on Tails-dev about this topic. https://mailman.boum.org/pipermail/tails-dev/2012-August/001422.html The relevant part begins with "Unfortunately, not all applications support socks settings...". _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
