GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened Jun 07, 2019 by Trac@tracbot

ClientDNSRejectInternalAddresses interferes with ClientRejectInternalAddresses=1

I'm using tor-0.4.05.

In the onion proxy's torrc, I set

ClientRejectInternalAddresses 0
MapAddress 127.0.0.1 127.0.0.1.FINGERPRINT.exit
MapAddress localhost localhost.FINGERPRINT.exit
UseMicrodescriptors 0

and on my exit node:

ExitRelay 1
ExitRelayRejectPrivate 0
ExitPolicy accept private:8080-8090
ExitPolicy reject *:*

If I then issue a request through the OP to get a page served by a webserver running locally on the exit node

curl --socks4 127.0.0.1:9050 http://127.0.0.1:8080/index.html

the OP's socks server says the connection is not permitted. Specifically, core/or/relay.c:1347 denies the connection and logs "connection_edge_process_relay_cell_not_open(0: ...but it claims the IP address was 127.0.0.1".

Also note that, per the tor.1 manpage and, more specifically, as enforced in app/config/config.c:4420, ClientDNSRejectInternalAddresses cannot be set to 0 when using the production Tor network.

In other words, the enforcement of ClientDNSRejectInternalAddresses is being applied when no DNS request is actually made, and, moreover, interferes with the ClientRejectInternalAddresses and MapAddress configuration.

Trac:
Username: smherwig

Milestone
Tor: unspecified
Reference: legacy/trac#30796