[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ports 443 & 80



     On Sat, 17 May 2008 18:53:35 -0500 Nathaniel Dube <njdube@xxxxxxxxx>
wrote:
>I read somewhere that you can use ports 443 and 80 to help out people stuck=
>=20
>behind really restrictive firewalls. =A0I've been trying to manually config=
>ure=20
>Tor to do just that. =A0I've configured the router for port forwaring. =A0I=
>'m=20
>pretty sure I did the same for my Linux firewall. =A0I told the firewall to=
>=20
>listen on ports 443/80 and redirect to 9090/9091. =A0So the way I understan=
>d it=20
>is, Tor servers/clients should be trying to connect to ports 443/80 --> my=
>=20
>router listens on 443/80 and bounces to my firewall --> my firewall listens=
>=20
>to 443/80 and bounces to 9090/9091 which the tor server is really listening=
>=20
>in on. =A0I'm running openSUSE 10.3. =A0I used yast to set the firewall. =
>=A0If I=20
>understand what I'm doing I use the "Masquerading" section to do firewall=20
>port forwaring. =A0Which I'm pretty sure I did correctly but for some reaso=
>n=20
>servers/clients are still unable to connect to my tor server.
>
>I could really use some help getting this working. =A0I can get the normal =
>ports=20
>working no problem and have my server join the tor network. =A0It's when I =
>try=20
>doing the port 443/80 trick that things get harry.
>
>Here are screenshots of my configuration screens I did for the port=20
>forwarding.
>
>http://img246.imageshack.us/img246/303/443zb6.png
>http://img265.imageshack.us/img265/1403/80xv7.png
>http://img253.imageshack.us/img253/483/yastmasqsm4.png
>http://img253.imageshack.us/img253/2820/yastrulesyl0.png
>http://img338.imageshack.us/img338/5127/routerpn3.png
>
>Here's portions of tor's config file. =A0I Xed out stuff that might be=20
>considered a security risk on my part.
>
>SocksPort 9050
>SocksListenAddress 127.0.0.1
>DataDirectory /home/tor/.tor
>ControlPort 9051
>
>ORPort 443
>ORListenAddress 0.0.0.0:9090
>DirPort 80
>DirListenAddress 0.0.0.0:9091

     No, no, no.  You've misunderstood the documentation pretty thoroughly.
First, the firewall referred to is not your "software firewall" for Windows.
The final image file you list above shows that your router is allowing packets
through with address redirection but not port redirection.  Use the following
in torrc:

Address  [whatever your router's external IP address is]
ORPort 443
ORListenAddress 0.0.0.0:443
DirPort 80
DirListenAddress 0.0.0.0:80

Undo all the stuff you did in your Windows firewall that is displayed in the
other image files you mention above.  Now make sure that your Windows firewall
allows tor to receive packets on ports 443 and 80 and to transmit packets on
any port.
     That's all you need to do for the way you have your router configured.
>
>Also, here's the log when I run tor in Konsole as root. =A0I know, don't ru=
>n Tor=20
>as root. =A0I'm just doing that to test it to make sure it's working before=
> I=20
>set it to start on boot under the "tor" user.

     Why would you run something as root *before* you test it?  In any case,
if you're running Windows, "root" is sort of meaningless.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************