[tor-dev] Onion Services and NAT Punching

Alec Muffett alecm at fb.com
Mon Oct 26 11:38:22 UTC 2015


> On Oct 26, 2015, at 11:34, Alec Muffett <alecm at fb.com> wrote:
>> Of course. All the cases where you set up a hidden service
>> exactly because your host is behing a NAT.
>> Like the webcam raspi I'm just booting up.
> 
> We run our tor daemons in a enclave network which can only connect outbound to the Internet, or backwards into infrastructure.

Also, it's probably wise to point out that NAT-punching (and/or SOCKS-punching outbound) reduces cost of HS adoption for organisations that don't want to rejig their network architecture to permit "yet another listener"; it's an attractive proposition to say "it only connects outbound and rendezvouses (sic?) in the middle of the tor cloud" #ohThatsOkayThenNoFirewallChanges

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151026/d07f8977/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151026/d07f8977/attachment.sig>


More information about the tor-dev mailing list