vidalia and new firewall config
Christian Grothoff
christian at grothoff.org
Tue Aug 28 09:53:24 UTC 2007
On Tuesday 28 August 2007 03:34, Roger Dingledine wrote:
> > Choosing 443 makes this hard to implement because Tor has to be started
> > as root to bind to it. Would it be as well to suggest a popular
> > high-numbered port such as 8080?
>
> Good point. I guess in Windows-land it should be 443, but in Unix-land
> it shouldn't be. Is 8080 popular? What are other good choices that won't
> stand out too much?
I disagree a bit here. It is pretty easy to use iptables & friends to map the
external port 443 to any other internal port. I've been using this in
GNUnet -- the http transport advertises the public port 80 and internally
uses a different port. The user than adds a rule to the firewall
configuration, something like:
# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 8080
and voila, incoming connections on port 80 go to port 8080. No need to run as
root (except for iptables, and I guess we can assume that much control of the
machine) and we're on a standard privileged port (as far as the network is
concerned).
My 2 cents
Christian
More information about the tor-dev
mailing list