Re: [tor-relays] DNAT question



The far easier method is to add a "User <tor user>" entry to your
torrc then start Tor as root. This way tor will bind to the privileged
ports then lower its permissions to the given user (I've been meaning
to update that faq entry...).

Also, I wrote a relay setup wizard that makes you a nice relay
configuration (including using 443/80) automagically. To give it a try
just...
- download http://www.atagar.com/transfer/tmp/arm-1.4.3rc.tar.bz2
- extract and run 'arm'
- it should pop up a wizard that looks like...
  - http://www.atagar.com/transfer/tmp/arm_wizard1.png
  - http://www.atagar.com/transfer/tmp/arm_wizard2.png
  - http://www.atagar.com/transfer/tmp/arm_wizard3.png

Arm is about to have a release in the next few days so I'd love
feedback on the wizard if you have any. Cheers! -Damian

On Fri, Jul 15, 2011 at 10:56 AM, Softail <black98fxstc@xxxxxxxxx> wrote:
> I'm trying to switch my ports from 9001/9030 to 443/80. The tor
> configuration seems straightforward. I tried
>
> /sbin/iptables --append INPUT --protocol tcp --match state --state NEW
> --destination a.b.c.d --dport 9001 --jump ACCEPT
> /sbin/iptables --append INPUT --protocol tcp --match state --state NEW
> --destination a.b.c.d --dport 9030 --jump ACCEPT
> /sbin/iptables --table nat --append PREROUTING --protocol tcp
> --source-port 443 --destination a.b.c.d --jump DNAT --to-destination :9001
> /sbin/iptables --table nat --append PREROUTING --protocol tcp
> --source-port 80 --destination a.b.c.d --jump DNAT --to-destination :9030
>
> but that doesn't seem to work. The OR and Dir ports are not reachable
> from the outside. I assumed that PREROUTING happened before INPUT but
> not really an expert on this. The firewall blocks everything else
> inbound to that address but the two ports I opened. Do I need to open
> 443/80 on the INPUT chain as well and if so do I also need to keep
> 9001/9030 open also?
>
> CentOS 5.6 if that matters.
>
> Thanks
>
> --
> A man in chains knows he should have acted sooner...
> Julian Assange
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
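
Added example, not part of the original thread or of Tor's documentation: a dry-run generator for the port-forwarding approach asked about above, matching on the destination port rather than the source port. The address 192.0.2.10 and the function names are placeholders; the ports are the ones named in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables rules that forward a
# public port to the unprivileged port Tor listens on; nothing is applied.
# Address 192.0.2.10 and the function names are placeholders for illustration.

# forward_rules ADDR PUBLIC_PORT LOCAL_PORT
forward_rules() {
    addr=$1 public=$2 local_port=$3
    # nat/PREROUTING runs before filter/INPUT. Match on the port the client
    # connects TO (--dport); --source-port would match the client's own
    # ephemeral port, so the rule would not fire for inbound connections.
    echo "/sbin/iptables --table nat --append PREROUTING --protocol tcp" \
         "--destination $addr --dport $public" \
         "--jump DNAT --to-destination $addr:$local_port"
    # By the time the packet reaches INPUT its destination port has already
    # been rewritten, so INPUT accepts the local port, not the public one.
    echo "/sbin/iptables --append INPUT --protocol tcp --match state --state NEW" \
         "--destination $addr --dport $local_port --jump ACCEPT"
}

# relay_rules ADDR: OR port 443 -> 9001, Dir port 80 -> 9030
relay_rules() {
    forward_rules "$1" 443 9001
    forward_rules "$1" 80 9030
}

# Tor must advertise the public ports while listening on the local ones.
# In current torrc syntax (an assumption about the Tor version in use):
#   ORPort 443 NoListen
#   ORPort 9001 NoAdvertise
#   DirPort 80 NoListen
#   DirPort 9030 NoAdvertise

# Review the output, then pipe it to "sh" as root to apply it:
#   relay_rules 192.0.2.10 | sh
relay_rules "${1:-192.0.2.10}"
```

With this approach Tor never needs to start as root, which is the trade-off against the "User" option described in the reply.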