noname on Nostr: with some firewall changes, you can afaik, seed ipfs content on tor without ip leak. ...
with some firewall changes, you can afaik, seed ipfs content on tor without ip leak. the idea is to block udp, because it bypasses tor. got like 10 peers with only tcp, but that is enough to propagate content to the network.
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT
sudo iptables -A OUTPUT -p udp -j DROP
torify ipfs daemon
quoting note1py8…6nfr
setup #wireguard #vpn for browser only:
install #wireproxy
create wireproxy.conf with following contents:
// file: wireproxy.conf
WGConfig = yourwireguard.conf
[Socks5]
BindAddress = 127.0.0.1:25344
//
setup #firefox to connect to socks5 proxy at 127.0.0.1:25344
go to whatismyip.com to check it works
quoting note1cj7…yndy
because #udp is shit and doesnt support #anonymity protocols like tor, lets make system #anonymous again. create #iptables rules to block basically all udp traffic. here i added two exceptions. first is to allow dns lookups in port 53, this way your #curl duckduckgo.com still works
second exception is 51820 port which wireguard vpn uses by default, so if you need to connect to vpn, you need that one.
the last rule drops all other udp connections. here are the rules to add:
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT
sudo iptables -A OUTPUT -p udp -j DROP
now lets test bittorrenting. i tried to add some normal http/https trackers from this list https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt to a popular torrent.
at first it seemed like #bittorrent didnt connect, but now it seems to download
lets try #ipfs:
ipfs swarm peers
it shows only tcp connections
excellent
however
sudo netstat -tulpn
still shows some udp connections. im not sure if these are real connected connections or not(?)
so here was some testing made. make your own decisions whether this works well enough or not
after blocking all udp traffic, using command like torify should be much less likely to leak your #ip
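
An added example (not part of the original notes) for the open question about `netstat` still listing UDP entries: the `-l` flag lists bound sockets, which exist regardless of the OUTPUT rules, so this sketch separates bound-only rows from rows that have a real remote peer and marks peers whose port is outside the two ACCEPT rules. The sample rows, addresses, program names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify UDP rows from netstat-style output.
# ALLOWED_PORTS mirrors the two ACCEPT rules in the notes (53 and 51820).
ALLOWED_PORTS="53 51820"

# Constructed sample in `netstat -uanp` layout (documentation addresses only).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:4001            0.0.0.0:*                           2211/ipfs
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           812/avahi-daemon
udp6       0      0 :::4001                 :::*                                2211/ipfs
udp        0      0 192.0.2.10:40112        198.51.100.53:53        ESTABLISHED 640/resolver
udp        0      0 192.0.2.10:51111        203.0.113.7:4001        ESTABLISHED 2211/ipfs'

# Reads netstat output on stdin and prints one line per UDP socket:
#   bound-only          wildcard foreign address, socket is only bound locally
#   connected-allowed   remote port is one of ALLOWED_PORTS
#   connected-filtered  remote port is not allowed; the socket can exist, but
#                       its IPv4 packets should be hitting the UDP DROP rule
classify_udp() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 ~ /^udp/ {
      if ($5 ~ /:\*$/) { print "bound-only", $4; next }
      m = split($5, part, ":"); port = part[m]
      kind = (port in ok) ? "connected-allowed" : "connected-filtered"
      print kind, $4, "->", $5
    }'
}

# Counts the rows of one kind in the netstat output given on stdin.
count_kind() { classify_udp | grep -c "^$1 "; }

printf '%s\n' "$SAMPLE" | classify_udp
```

On a live host, pipe `sudo netstat -uanp` into `classify_udp` instead of the sample. `udp6` rows are not covered by `iptables` at all and need matching `ip6tables` rules.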