Re: [tor-relays] Tor Relay Operators Needs

Subject: Re: [tor-relays] Tor Relay Operators Needs

From: Matthew Glennon <matthew@glennon.online>

Date: Thu, 21 Jun 2018 08:25:50 -0400

Delivery-date: Thu, 21 Jun 2018 08:26:14 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=glennon-online.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lrB7H0HZLnF+jpmR2zl+fkqLBZb9+OBEhbgPzBSHImY=; b=BZCR5jdy780OvyVRrndCzus/IcgcFh4mW6VYlInj1FkQAf5W5NOCCGa1/QY+u99o+l jr5N3lmAyUBZhpDqqu7jyf497WzZh47kpYKwnM3ziJ9sE89HQWjo2g4x1ibsLudwGRGI imHP0xanDmRwWho41/bnrASEGFwSaGpTMMZYv+HBbYDBrfYt9l2yB37z5K8vxxcMxCCi su3z6KuTMo0klKEJPiy2uuhtj8GdsPSVwdNZRk6/1GQuWJ+0p1gDsMF+UWb62JnmkRmr 0NSUyQJKYJ36f/PI7sDusSRBHlIYbYUtAImmaPaYLqBsXpGKFSf0vBP8RrZm2noAsExW KzZQ==

In-reply-to: <6b2ea580-9d86-b146-8b32-dc6ef2e19bad@riseup.net>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <CALR3k-HOZQVPdQnvhp+f++Z+ce2tmNzJGBB=RtZDMbhnJCA54Q@mail.gmail.com> <00d41e4b-1976-023a-6554-a5fae1b56df8@riseup.net> <CALR3k-FCxAB3o9scjVYz3J0i71sE883jBjSH-Awa1FMVx9Vqnw@mail.gmail.com> <12a70373-905d-9286-4c6a-2715e6dcc66a@riseup.net> <CALR3k-E6OBFWY+vG=_A+sHtN5X5g3bsdLcrnCRFk4YS3hFOOxA@mail.gmail.com> <6b2ea580-9d86-b146-8b32-dc6ef2e19bad@riseup.net>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Relays intending to act as Guards choose port 443 because it (and 80) are usually reachable in the tightest of network security situations (where traffic destined for most all other ports is blocked at the gateway/firewall.) At least that's my reasoning for it.

On Wed, Jun 20, 2018 at 11:16 AM nusenu <nusenu-lists@xxxxxxxxxx> wrote:

>> Yes DirPort does not speak TLS, but since 443 is also best used
>> for ORPort (because it is often one of the ports that are allowed to pass
>> through firewalls)
>> - https is not possible on the same IP (when already used by the ORPort).
>>
>
> Well... that's kind of a hack to handle ORPort going through in various
> hosting scenarios.

The ORPort selection is primarily important for the client -> guard connection.
For relay <> relay connections firewalls shouldn't matter (that much)

> I don't know what ORPort most relays use (I guess I can get
> that from onionoo to some degree) but I do want to hope they are not all
> riding 443 (I know I don't use 443 for my ORPort on both relays).

Top 20 ORPorts by relay count:

+---------+----------+
| or_port | #relays |
+---------+----------+
| 9001 | 3289 |
| 443 | 2080 |
| 9002 | 67 |
| 80 | 62 |
| 8443 | 53 |
| 8080 | 52 |
| 9090 | 35 |
| 9100 | 31 |
| 110 | 30 |
| 444 | 29 |
| 21093 | 26 |
| 9000 | 22 |
| 993 | 22 |
| 9003 | 21 |
| 21 | 18 |
| 9010 | 15 |
| 20 | 14 |
| 22 | 14 |
| 143 | 14 |
| 19001 | 13 |
+---------+----------+

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Matthew Glennon

matthew@glennon.online

PGP Signing Available Upon Request
https://keybase.io/crazysane

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays