configure Tor to advertise its orport as 443 but really bind to another port such as 9001

Stephen Carpenter thecarp at gmail.com
Mon Feb 22 19:52:32 UTC 2010


On Mon, Feb 22, 2010 at 1:20 AM,  <onion.soup at nym.hush.com> wrote:
> I followed this:
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HowcanImakemyrelayaccessibletopeoplestuckbehindrestrictivefirewalls.3F
>
> I did three things:
> 1. set "orport 443" and "orlistenaddress 0.0.0.0:9001" in torrc file
> 2. Similarly, "dirport 80" and "dirlistenaddress 0.0.0.0:9030"
> 3. lastly, in rc.local, I added "ssh -fNL 443:localhost:9001
> localhost" and "ssh -fNL 80:localhost:9030 localhost"

Can root ssh to localhost without a password? If so, then I think that
should work.
My guess is not, since it's not configured to allow that by default.
Also, the ssh connection will not restart if it dies (maybe not an
issue over the loopback). At the very least, autossh is recommended.

However this is not really the best way to do it. IPTables is a much
better way to go. Failing that, why not just advertise the real port?
You are going to be pushing all data through a local encryption
stream, doing both encryption and decryption on the same box as
overhead to the connection.

This sort of trick really shines for making a port elsewhere available
to your local machine for browsing "inside" another network (I use it
to get to my internal machines), but, when used to just locally
forward a port, it's overkill.

-Steve
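
Added example, not part of the message above: one way to do the iptables approach it recommends, using NAT REDIRECT rules for the port pairs from the quoted torrc (443 to 9001, 80 to 9030). The helper name `nat_redirect_rules` is hypothetical, and the choice of REDIRECT in the nat PREROUTING chain is an assumption, since the message does not say which rules to use.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that redirects the
# advertised ports to the ports Tor really binds.
# nat_redirect_rules is a hypothetical helper name.

# usage: nat_redirect_rules ADVERTISED:REAL [ADVERTISED:REAL ...]
nat_redirect_rules() {
    rules=""
    for pair in "$@"; do
        case $pair in
            *:*) ;;
            *) echo "expected ADVERTISED:REAL, got '$pair'" >&2; return 1 ;;
        esac
        adv=${pair%%:*}
        real=${pair##*:}
        for p in "$adv" "$real"; do
            # Reject empty, non-numeric and over-long values before comparing.
            case $p in
                ''|*[!0-9]*|??????*) echo "bad port in '$pair'" >&2; return 1 ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range in '$pair'" >&2; return 1
            fi
        done
        # PREROUTING sees packets arriving from other hosts, which is what
        # a relay needs. The kernel rewrites the destination port, so there
        # is no tunnel process to restart and no local encrypt/decrypt step.
        rules="${rules}-A PREROUTING -p tcp --dport ${adv} -j REDIRECT --to-ports ${real}
"
    done
    printf '*nat\n%sCOMMIT\n' "$rules"
}

# Pairs from the thread: ORPort 443 -> 9001, DirPort 80 -> 9030.
nat_redirect_rules 443:9001 80:9030
```

The script only prints the ruleset; after review it can be loaded as root with `iptables-restore --noflush`, with Tor still listening on 9001 and 9030 as in the quoted torrc.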