Blog index–Rollingš„blog–Permalink
A short one, probably.
Iptables is fun tool to learn. But something that wasn't fun to learn was realizing certain information required a specific search phrase, in this case 'iptables tor hidden service'. Think of it: there are things I have wanted to know about but because I wasn't sure how to phrase the search or because I was unfamiliar with the lingo (and thus was completely unable to search for it albeit in vague terms) I had to pass on it or come up with my own idea on how to implement it. Sad!
Anyway, here is a* recipe for getting your hidden service to work with iptables:
iptables -A OUTPUT -j ACCEPT -m owner --uid-owner tor iptables -A INPUT -p tcp --dport 9001 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 9001 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 9050 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 9050 -m conntrack --ctstate ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 9060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 9060 -m conntrack --ctstate ESTABLISHED -j ACCEPT
In this set of instructions... port 9060 is the socks port that my hidden service is listening on. I've separated my relay from my hidden service because the relay hits the cap often. I'll just assume you know how to work out the rest on your own! :)