ClientDNSRejectInternalAddresses interferes with ClientRejectInternalAddresses=1
I'm using tor-0.4.05.
In the onion proxy's torrc, I set
ClientRejectInternalAddresses 0
MapAddress 127.0.0.1 127.0.0.1.FINGERPRINT.exit
MapAddress localhost localhost.FINGERPRINT.exit
UseMicrodescriptors 0
and on my exit node:
ExitRelay 1
ExitRelayRejectPrivate 0
ExitPolicy accept private:8080-8090
ExitPolicy reject *:*
If I then issue a request through the OP to get a page served by a webserver running locally on the exit node
curl --socks4 127.0.0.1:9050 http://127.0.0.1:8080/index.html
the OP's socks server says the connection is not permitted. Specifically, core/or/relay.c:1347 denies the connection and logs "connection_edge_process_relay_cell_not_open(0: ...but it claims the IP address was 127.0.0.1".
Also note that per the tor.1 manpage, and more specifically, enforced in app/config/config.c:4420, ClientDNSRejectInternalAddresses cannot be set to 0 when using the production Tor network.
In other words, the enforcement of ClientDNSRejectInternalAddresses is being applied when no DNS request is actually made, and, moreover, interferes with the ClientRejectInternalAddresses and MapAddress configuration.
Trac:
Username: smherwig
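For anyone auditing a client configuration for the interaction reported above, the following is an added example (not part of the original report and not Tor's own code). It scans torrc text and lists the MapAddress sources whose `.exit` target is an internal address while ClientRejectInternalAddresses is 0 and ClientDNSRejectInternalAddresses is still in effect. The function names are hypothetical, and the defaults of 1 for both options are taken from the tor manpage.

```python
import ipaddress

# Constructed sample: the client torrc lines quoted in the report above.
SAMPLE_TORRC = """\
ClientRejectInternalAddresses 0
MapAddress 127.0.0.1 127.0.0.1.FINGERPRINT.exit
MapAddress localhost localhost.FINGERPRINT.exit
UseMicrodescriptors 0
"""

# Assumption: both options default to 1 when absent (tor manpage defaults).
DEFAULTS = {"clientrejectinternaladdresses": "1",
            "clientdnsrejectinternaladdresses": "1"}

def parse_torrc(text):
    """Return (options, MapAddress pairs); option names are case-insensitive."""
    opts, maps = dict(DEFAULTS), []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "mapaddress" and len(parts) >= 3:
            maps.append((parts[1], parts[2]))
        elif key != "mapaddress":
            opts[key] = parts[1]
    return opts, maps

def exit_target(mapped):
    """Strip a trailing .FINGERPRINT.exit suffix to get the destination host."""
    if mapped.lower().endswith(".exit"):
        return mapped[:-len(".exit")].rsplit(".", 1)[0]
    return mapped

def is_internal(host):
    """True for localhost or a private, loopback or link-local IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False               # an ordinary hostname, not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_conflicts(text):
    """MapAddress sources affected by the interaction described in the report."""
    opts, maps = parse_torrc(text)
    if opts["clientrejectinternaladdresses"] != "0":
        return []                  # internal targets are not allowed at all
    if opts["clientdnsrejectinternaladdresses"] != "1":
        return []                  # the DNS-side check is disabled
    return [src for src, dst in maps if is_internal(exit_target(dst))]
```
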