forked from Lainports/freebsd-ports
40 lines
1 KiB
Text
40 lines
1 KiB
Text
=====================================================================
|
|
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
|
|
of dropping privileges after binding to a low port on FreeBSD.
|
|
|
|
By default, the dnscrypt-proxy2 port will listen on (tcp/udp) port 5353
|
|
as the _dnscrypt-proxy user.
|
|
|
|
It's possible to change back to port 53, but not recommended.
|
|
|
|
Below are a few examples on how to redirect local connections from port
|
|
5353 to 53.
|
|
|
|
[ipfw]
|
|
|
|
ipfw nat 1 config if lo0 reset same_ports \
|
|
redirect_port tcp 127.0.0.1:5353 53 \
|
|
redirect_port udp 127.0.0.1:5353 53
|
|
ipfw add nat 1 ip from any to 127.0.0.1 via lo0
|
|
|
|
/etc/rc.conf:
|
|
firewall_nat_enable="YES"
|
|
|
|
/etc/sysctl.conf:
|
|
net.inet.ip.fw.one_pass=0
|
|
|
|
[pf]
|
|
|
|
rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353
|
|
|
|
[unbound]
|
|
|
|
server:
|
|
interface: 127.0.0.1
|
|
do-not-query-localhost: no
|
|
|
|
forward-zone:
|
|
name: "."
|
|
forward-addr: 127.0.0.1@5353
|
|
|
|
=====================================================================
|