[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Firewall setting in Tor Browser not working?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Firewall setting in Tor Browser not working?
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 1 Aug 2018 12:01:32 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 01 Aug 2018 12:01:45 -0400
In-reply-to: <0b0d372d-4426-713c-2b3f-9f4f74f1ac45@balist.es>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <0b0d372d-4426-713c-2b3f-9f4f74f1ac45@balist.es>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.10.1 (2018-07-13)

On Wed, Aug 01, 2018 at 04:06:27PM +0200, Cristian Consonni wrote:
> I have a couple of questions about the "Tor Network settings" in Tor
> browser.
> 
> Tor browser can be configure to use bridges and/or pluggable transport
> if needed. However it may happen that these PT are exposed on port that
> cannot be reached from behind company/university restrictive firewalls.
> 
> In the Tor Network settings (clicking on the onion icon) I see that
> there is an option that says "This computer goes through a firewall that
> only allows connections to certain ports", this option is not available
> when ou click on the "Configure" button when you want to configure a
> connection when Tor is starting up.
>[...]
> My first question is: why there is this difference?

Hm! I think this is a bug. It should probably both be like the simpler
interface.

Turns out there is this ticket open for fixing it:
https://trac.torproject.org/24452

You can find the reasoning for simplifying the interface on this ticket:
https://trac.torproject.org/11405#comment:7

And you can read a similar thread to yours here:
https://lists.torproject.org/pipermail/tor-dev/2018-July/thread.html#13270

> The second question is about how this setting work.
> Here's my scenario, born out of testing a bridge with pluggable
> transport [1]:
> * I start Tor browser normally
> * I go to "Tor Network settings" and I put in my bridge with plugglable
> transport
> * I enable the firewall setting indicating to go through ports 80,443
> (default value)
> 
> with this configuration Tor Browser does not work.

Restricting your outgoing ports to 80,443 means that your Tor won't
attempt to connect to anything that isn't on port 80 or port 443.

So if your PT bridge is listening on some other port than 80 or 443, Tor
will choose not to try connecting to it, since that's what you asked for.

And if that is indeed what happened here, I think it is a further argument
in favor of simplifying the interface rather than sticking with the
current confusing one. :)

Thanks,
--Roger

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Firewall setting in Tor Browser not working?
  - From: Cristian Consonni

References:
- [tor-talk] Firewall setting in Tor Browser not working?
  - From: Cristian Consonni

Prev by Author: Re: [tor-talk] HSTS forbids "Add an exception" (also, does request URI leak?)
Next by Author: Re: [tor-talk] torjail - run programs in tor network namespace
Previous by thread: [tor-talk] Firewall setting in Tor Browser not working?
Next by thread: Re: [tor-talk] Firewall setting in Tor Browser not working?
Index(es):
- Author
- Thread