[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] making sure I configure OutboundBindAddressExit correctly



Hi,

since I really like this new feature
I added [1] initial autoconfiguration support for it to ansible-relayor
(user can opt-in via a single boolean and we automate the rest).

I want to make sure I do this correctly and would like your feedback on
the following questions:

a)
Is 'OutboundBindAddressOR' in the following context optional (in the
sense that it does not change tor's behavior)?

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressOR 1.2.3.4
OutboundBindAddressExit 7.7.7.7

is identical to:

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7


(since according to the manual page OutboundBindAddress*OR* would just
override OutboundBindAddress, which is not needed in the above example
since they match)

b)
Is it ok to set OutboundBindAddressExit for IPv4 only, even if we set
'IPv6Exit 1' or is setting an IPv6 OutboundBindAddressExit address
required after setting OutboundBindAddressExit for IPv4?

Since this question might be a bit confusing I'll give an example in
form of torrc lines:


ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7
IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25,accept *:*

(this config has an IPv4 OutboundBindAddressExit entry but no IPv6
OutboundBindAddressExit entry)


c)
Similar to (b) is it ok to enable OutboundBindAddressExit for IPv6 only?

d)
Is it ok if multiple tor instances on the same host use the same
OutboundBindAddressExit address?
(ignoring the fact that big exits might run out of source ports?)

thanks,
nusenu



[1]
https://github.com/nusenu/ansible-relayor/commit/00fa7c571e8b6f6256092d992831598ad73201db

-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev