[tor-relays] Tor Relay in Kubernetes cluster
Felix
zwiebel at quantentunnel.de
Fri Aug 18 12:38:54 UTC 2023
> Daniel Nikoloski
Hi Daniel
Not sure if that has already been answered. I don't use a Kubernetes cluster, but I find this one interesting:
> > Address 38.242.233.101
> > ORPort 9001 NoAdvertise IPv4Only
> > ORPort 32150 NoListen IPv4Only
I believe the Tor server service will publish port 32150 but it listens
on port 9001. It will not listen where foreign Tor clients speak.
Simply "ORPort 9001" could be enough if you bind Tor to the published
address 38.242.233.101.
Unrelated:
If you bind the Tor server service to an internal address
(10.x.x.x), i.e. for use in a container, NoAdvertise and NoListen can
be used to explain it to Tor:
Address 38.242.233.101
ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
ORPort 38.242.233.101:32150 NoListen IPv4Only
The firewall needs to forward the traffic from the external to
the internal addresses. In pf world:
rdr on $IFEXT inet proto tcp from any to 38.242.233.101 port 32150 -> 10.x.x.x port 9001
Finally (in my setup) the outbound traffic needs NAT. In pf world:
nat on $IFEXT inet from 10.x.x.x to any -> 38.242.233.101
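The following is an added example, not part of the message above and not Tor's own code. It models only the two ORPort flags discussed in the thread (NoAdvertise: bind but do not publish; NoListen: publish but do not bind) and checks that every published port ends up at a bound socket, either directly or through a forwarding rule such as the rdr line. The address 10.0.0.5 stands in for the elided 10.x.x.x, and the forward table, function names and sample input are constructed for illustration; only numeric ports are handled.

```python
# Added example: models ORPort NoAdvertise/NoListen semantics only.
# 10.0.0.5 is a constructed stand-in for the elided 10.x.x.x address.
SAMPLE_TORRC = """\
Address 38.242.233.101
ORPort 10.0.0.5:9001 NoAdvertise IPv4Only
ORPort 38.242.233.101:32150 NoListen IPv4Only
"""
# Hypothetical forward table mirroring the rdr rule: external port -> internal port.
SAMPLE_FORWARDS = {32150: 9001}


def parse_orports(torrc):
    """Return (listen, advertise) lists of (address_or_None, port) tuples."""
    listen, advertise = [], []
    for raw in torrc.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "orport":
            continue
        addr, _, port = fields[1].rpartition(":")
        addr = addr.strip("[]") or None
        flags = {f.lower() for f in fields[2:]}
        if {"noadvertise", "nolisten"} <= flags:
            raise ValueError("NoAdvertise and NoListen on one ORPort line")
        entry = (addr, int(port))
        if "nolisten" not in flags:
            listen.append(entry)      # Tor binds a socket here
        if "noadvertise" not in flags:
            advertise.append(entry)   # Tor publishes this port
    return listen, advertise


def check_reachability(torrc, forwards):
    """Return a list of problems; empty means each advertised port reaches a listener."""
    listen, advertise = parse_orports(torrc)
    listen_ports = {port for _, port in listen}
    problems = []
    if not listen:
        problems.append("no ORPort is listening")
    if not advertise:
        problems.append("no ORPort is advertised")
    for _, port in advertise:
        target = forwards.get(port, port)  # unforwarded ports must be bound directly
        if target not in listen_ports:
            problems.append(f"advertised port {port} maps to {target}, which has no listener")
    return problems


if __name__ == "__main__":
    print(parse_orports(SAMPLE_TORRC))
    print(check_reachability(SAMPLE_TORRC, SAMPLE_FORWARDS) or "ok")
```

Running the check with an empty forward table shows the failure mode to watch for: port 32150 is published but nothing is bound to it, so the relay would be unreachable until the firewall or NodePort forwarding is in place.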