I have a subnet (and VLAN) where everything is routed to the internet via Tor.
Until now I needed the following 3 additional iptables rules in /etc/firewall.user:
# DNS requests on port 53 are redirected to port 9053
iptables -t nat -A prerouting_tor_rule -i br-lan.4 -p udp --dport 53 -j REDIRECT --to-ports 9053
# All TCP requests are redirected to port 9040
iptables -t nat -A prerouting_tor_rule -i br-lan.4 -p tcp --syn -j REDIRECT --to-ports 9040
# when using tor on this box to resolve DNS requests, .onion addresses are translated to this range
iptables -t nat -A prerouting_tor_rule -d 10.192.0.0/16 -p tcp --syn -j REDIRECT --to-ports 9040
Now iptables has been replaced by nftables and I'm thinking about how to bring these 3 rules into the fw4 world.
Instead of using user-defined nftables commands again, I would prefer a direct rule within /etc/config/firewall.
Anyone have any ideas?
Thanks a lot already!
I tried to transfer the first rule to fw4 - would this approach be correct?
config redirect
option target 'DNAT'
option name 'tor-redirect-53-to-9053'
list proto 'udp'
option src 'tor'
option src_dport '53'
option dest_ip '192.168.4.2'
option dest_port '9053'
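As an added example (editor's illustration, not the original poster's config), here is how all three iptables rules translate into /etc/config/firewall redirect sections for fw4. It assumes a firewall zone named 'tor' whose network is the br-lan.4 VLAN (the name comes from the draft above), that Tor's DNSPort (9053) and TransPort (9040) listen on the router's address inside that VLAN, and that the rule names are free to choose. The one thing the draft above does differently is the dest_ip: if it is left out, fw4 does a port-only redirect to the router itself, which is the equivalent of the iptables REDIRECT target; naming the router's VLAN address explicitly also works, but only as long as that address stays the same.

```uci
# Constructed example: fw4 equivalents of the three firewall.user rules.
# Assumptions: zone 'tor' = br-lan.4 VLAN; Tor DNSPort 9053 and
# TransPort 9040 listen on the router's address in that VLAN.

# Rule 1: UDP 53 -> Tor DNSPort. No dest_ip, so fw4 emits a port-only
# redirect to the router (what "-j REDIRECT --to-ports 9053" did).
config redirect
	option name 'tor-dns'
	option target 'DNAT'
	option src 'tor'
	list proto 'udp'
	option src_dport '53'
	option dest_port '9053'

# Rule 2: every TCP connection -> Tor TransPort. No src_dport means all
# destination ports match. "--syn" has no UCI equivalent and is not
# needed: the nat prerouting chain only ever sees the first packet of a
# connection, so later packets of an established flow never reach it.
config redirect
	option name 'tor-tcp'
	option target 'DNAT'
	option src 'tor'
	list proto 'tcp'
	option dest_port '9040'

# Rule 3: TCP to the .onion mapping range -> Tor TransPort.
# src_dip matches the destination address of the incoming packet
# (the iptables "-d 10.192.0.0/16"). The original rule had no "-i"
# restriction, but a UCI redirect always belongs to a source zone, so
# it is bound to 'tor' here; add a copy with a different src if other
# zones should reach .onion addresses too.
config redirect
	option name 'tor-onion-range'
	option target 'DNAT'
	option src 'tor'
	list proto 'tcp'
	option src_dip '10.192.0.0/16'
	option dest_port '9040'
```

After `/etc/init.d/firewall restart`, `nft list chain inet fw4 dstnat_tor` should show the three rules, the first two ending in `redirect to :9053` and `redirect to :9040`. Two things worth checking alongside the redirects: the 'tor' zone should have no forwarding to the wan zone and a REJECT (or DROP) forward policy, so that anything the redirects do not catch (UDP other than port 53, ICMP, IPv6 if the VLAN carries it) is dropped rather than leaking out past Tor; and the zone's input policy does not need to open 9040/9053 explicitly, because fw4 accepts redirected connections in the zone's input chain by their DNAT conntrack status.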