我有 lubuntu 22.04 LTS 和 TOR 守护进程以及 torrc 配置
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 9053
和 iptables 规则
#exclude locals
TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
#tor uid
TOR_UID="debian-tor"
#tor socks port
TOR_PORT="9040"
#tor dns port
TOR_DNS="9053"
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#set iptables nat
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
#set dns redirect
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $TOR_DNS
iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports $TOR_DNS
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports $TOR_DNS
#exclude locals
for NET in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/10; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
iptables -A OUTPUT -d "$NET" -j ACCEPT
done
for NET in $TOR_EXCLUDE 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
# redirect all other output through tor
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TOR_PORT
iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-ports $TOR_PORT
iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-ports $TOR_PORT
# allow only tor output
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
# accept already established connections
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
所以问题出在最后两条规则上
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
没有任何规则起作用,因此无法接受输入流量,这是通过将默认输入规则从降低到接受一切不安全的东西
无法真正理解问题和解决方案
而且 #exclude locals 部分让我对这两个条件感到困惑
谢谢