Ports 443 & 80

[Nathaniel Dube <njdube@xxxxxxxxx>]

I read somewhere that you can use ports 443 and 80 to help out people stuck 
behind really restrictive firewalls.  I've been trying to manually configure 
Tor to do just that.  I've configured the router for port forwaring.  I'm 
pretty sure I did the same for my Linux firewall.  I told the firewall to 
listen on ports 443/80 and redirect to 9090/9091.  So the way I understand it 
is, Tor servers/clients should be trying to connect to ports 443/80 --> my 
router listens on 443/80 and bounces to my firewall --> my firewall listens 
to 443/80 and bounces to 9090/9091 which the tor server is really listening 
in on.  I'm running openSUSE 10.3.  I used yast to set the firewall.  If I 
understand what I'm doing I use the "Masquerading" section to do firewall 
port forwaring.  Which I'm pretty sure I did correctly but for some reason 
servers/clients are still unable to connect to my tor server.

I could really use some help getting this working.  I can get the normal ports 
working no problem and have my server join the tor network.  It's when I try 
doing the port 443/80 trick that things get harry.

Here are screenshots of my configuration screens I did for the port 
forwarding.

http://img246.imageshack.us/img246/303/443zb6.png
http://img265.imageshack.us/img265/1403/80xv7.png
http://img253.imageshack.us/img253/483/yastmasqsm4.png
http://img253.imageshack.us/img253/2820/yastrulesyl0.png
http://img338.imageshack.us/img338/5127/routerpn3.png

Here's portions of tor's config file.  I Xed out stuff that might be 
considered a security risk on my part.

SocksPort 9050
SocksListenAddress 127.0.0.1
DataDirectory /home/tor/.tor
ControlPort 9051

ORPort 443
ORListenAddress 0.0.0.0:9090
DirPort 80
DirListenAddress 0.0.0.0:9091

Also, here's the log when I run tor in Konsole as root.  I know, don't run Tor 
as root.  I'm just doing that to test it to make sure it's working before I 
set it to start on boot under the "tor" user.

May 16 23:09:16.449 [notice] Tor v0.1.2.19. This is experimental software. Do 
not rely on it for strong anonymity.
May 16 23:09:16.450 [notice] Initialized libevent version 1.3b using method 
epoll. Good.
May 16 23:09:16.450 [notice] Opening OR listener on 0.0.0.0:9090
May 16 23:09:16.450 [notice] Opening Directory listener on 0.0.0.0:9091
May 16 23:09:16.450 [notice] Opening Socks listener on 127.0.0.1:9050
May 16 23:09:16.450 [notice] Opening Control listener on 127.0.0.1:9051
May 16 23:09:16.451 [warn] You are running Tor as root. You don't need to, and 
you probably shouldn't.
May 16 23:09:16.642 [notice] Your Tor server's identity key fingerprint 
is 'XXXXXXXXXXXXXXXXXXX'
May 16 23:09:18.240 [notice] We now have enough directory information to build 
circuits.
May 16 23:09:18.438 [notice] Guessed our IP address as XXXXXXXXXXXXX.
May 16 23:09:21.856 [notice] Tor has successfully opened a circuit. Looks like 
client functionality is working.
May 16 23:09:21.856 [notice] Now checking whether ORPort XXXXXXX:443 and 
DirPort XXXXXXXXXXXX:80 are reachable... (this may take up to 20 minutes -- 
look for log messages indicating success)
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has not managed to 
confirm that its ORPort is reachable. Please check your firewalls, ports, 
address, /etc/hosts file, etc.
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has not managed to 
confirm that its DirPort is reachable. Please check your firewalls, ports, 
address, /etc/hosts file, etc.