[tor-relays] Non-standard Bridge

brightsidedarkside at t-online.de brightsidedarkside at t-online.de
Mon Sep 21 21:18:22 UTC 2015


Hey again,

I have a similar setup, and I think the up-to-date synopsis is

ORPort 80 NoListen
ORPort 0.0.0.0:9001 NoAdvertise

A good start to avoid proxy circumventing software is here.
Notice potential flaws mentioned there!
You might want to just torify a certain user or a machine or everything in your network - here is how to do this.

The problem with normal proxification is every plugin can leak your IP and must therefore be disabled.
You must be ABSOLUTELY sure no software you use this way leaks e.g. DNS info.

Using your kernel's packet filter is IMHO the most user-friendly and reasonably secure way to rock'n'roll.
I might be wrong, but hey, others will prevent you from trusting me. ;-)

Kind regards

christian


-----Original Message-----
Subject: Re: [tor-relays] Non-standard Bridge
Date: Mon, 21 Sep 2015 22:53:54 +0200
From: Geoff Down <geoffdown at fastmail.net>
To: tor-relays at lists.torproject.org



On Mon, Sep 21, 2015, at 06:59 PM, Steve Snyder wrote:
> You've set 2 port numbers, 9001 and 80, to listen on.  Pick one or the
> other.
 One is the internal port on which Tor listens, the other is the one
 advertised to the outside world. The router forwards one to the other -
 this works fine for normal relays, is there any reason for it not to
 work for a Bridge?

> 
> 
> Also, set "SocksPort 0".
> 
 That would stop Tor handling local connections from applications. Is
 running a Bridge incompatible with local client traffic? I couldn't find
 anything to that effect in the docs.

I did get a 'Self-testing indicates your ORPort is reachable from the
outside' message eventually - there was just a 12 minute wait between
'Bootstrapped 100%' and 'Guessed our IP address as', the reachability
test followed immediately after.

> 
> On Monday, September 21, 2015 1:20pm, "Geoff Down"
> <geoffdown at fastmail.net> said:
> 
> > Hello all,
> >  I'm trying to set up a Bridge/Client Tor instance with the following
> >  torrc:
> > 
> > ControlPort 9051
> > ExitPolicy reject *:*
> > HashedControlPassword <pwd>
> > Nickname <nickname>
> > ORListenAddress 0.0.0.0:9001
> > ORPort 80
> > BridgeRelay 1
> > ContactInfo <contactinfo>
> > 
> > Should this work as a bridge? Client functionality is fine (port 80 is
> > forwarded to 9001) but there is no reachability test in the log. I have
> > a "bridge's hashed identity key fingerprint" in there; where is it I can
> > check online to be sure the BridgeDB has received it? I wanted to check
> > it worked with fixed ports before I tried 'ORPort auto'.
> > 
> > GD
> > 
> > --
> > http://www.fastmail.com - Faster than the air-speed velocity of an
> >                           unladen european swallow
> > 
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > 

-- 
http://www.fastmail.com - A no graphics, no pop-ups email service
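
The two torrc forms discussed in this thread (`ORPort` with `NoListen`/`NoAdvertise`, and the older `ORListenAddress` plus `ORPort`) can be compared with a small check, shown here as an added example that is not part of the original messages. The function name `or_port_plan` is hypothetical, and the legacy semantics (Tor binds `ORListenAddress` while a plain `ORPort` is only advertised) are stated as an assumption in the code.

```python
# Added example, not from the thread: map a torrc's ORPort lines to a plan.
def or_port_plan(torrc_text):
    """Return advertised OR ports, bound listeners, ports that rely on an
    external forward, and configuration problems."""
    advertised, listeners, plain, legacy, problems = [], [], [], [], []
    for raw in torrc_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key, target = words[0].lower(), words[1]
        flags = {w.lower() for w in words[2:]}
        if key == "orlistenaddress":
            legacy.append(target)
        elif key == "orport" and target != "0":  # "ORPort 0" turns the OR listener off
            port = target.rsplit(":", 1)[-1]
            if {"nolisten", "noadvertise"} <= flags:
                problems.append(f"ORPort {target} neither binds nor advertises")
            elif "nolisten" in flags:        # advertised only; something else must deliver
                advertised.append(port)
            elif "noadvertise" in flags:     # bound only; never published
                listeners.append(target)
            else:                            # default: advertised and bound
                advertised.append(port)
                plain.append(target)
    if legacy:
        # Assumed legacy semantics: Tor binds ORListenAddress, and a plain
        # ORPort only supplies the advertised port (and a default bind port).
        for addr in legacy:
            if addr.rsplit(":", 1)[-1].isdigit():
                listeners.append(addr)
            else:
                listeners += [f"{addr}:{p.rsplit(':', 1)[-1]}" for p in plain]
    else:
        listeners += plain
    bound = {l.rsplit(":", 1)[-1] for l in listeners}
    if not advertised:
        problems.append("no ORPort is advertised")
    if not listeners:
        problems.append("no ORPort is bound locally")
    return {"advertised": advertised, "listeners": listeners,
            "needs_forward": [p for p in advertised if p not in bound],
            "problems": problems}

# Constructed inputs: the two forms quoted in the thread.
FLAG_FORM = "ORPort 80 NoListen\nORPort 0.0.0.0:9001 NoAdvertise\n"
LEGACY_FORM = "ORListenAddress 0.0.0.0:9001\nORPort 80\nBridgeRelay 1\n"

if __name__ == "__main__":
    for name, text in (("flags", FLAG_FORM), ("legacy", LEGACY_FORM)):
        print(name, or_port_plan(text))
```

Both forms produce the same plan: port 80 is advertised, 0.0.0.0:9001 is bound, and port 80 appears under `needs_forward` because the router has to deliver it to the local listener.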
