blob: 4be749c49cf6f9ef86ff28c7d81e0c31674b38f7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
=====================================================================
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.
By default, the dnscrypt-proxy2 port will listen on (tcp/udp) port 5353
as the _dnscrypt-proxy user.
It's possible to change back to port 53, but not recommended.
Below are a few examples on how to redirect local connections from port
5353 to 53.
[ipfw]
ipfw nat 1 config if lo0 reset same_ports \
redirect_port tcp 127.0.0.1:5353 53 \
redirect_port udp 127.0.0.1:5353 53
ipfw add nat 1 ip from any to 127.0.0.1 via lo0
/etc/rc.conf:
firewall_nat_enable="YES"
/etc/sysctl.conf:
net.inet.ip.fw.one_pass=0
[pf]
rdr pass on lo0 proto { tcp udp } from any to port 53 -> 127.0.0.1 port 5353
[unbound]
server:
interface: 127.0.0.1
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
=====================================================================
|