
Re: Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out)



Drake Wilson wrote:
> Quoth Andrew Del Vecchio <firefox-gen@xxxxxxxxxx>, on 2007-12-23 13:36:45 -0800:
>> Roger, I'm good to go except for one thing: The permissions issue with
>> the port being 443 (less than 1024). Is there an easy way around this
>> without having to create a chroot jail, etc? I'm using the latest Ubuntu
>> 7.10. I can change file permissions but I don't want to create a
>> security vulnerability.
> 
> The obvious way to handle this, if you have iptables available, is
> probably to run the Tor server on some other port (say, 1443) and then
> use iptables to redirect incoming connections on port 443 to port 1443
> instead.

I actually take both approaches.

"Kitsune" (a regular node, not a bridge) listens on a non-privileged
port, having my network's public port 443 redirected to that port.

I also use northernsecurity.net's Debian scripts, which allow easy
chrooting of Tor. =:o)

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com

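
The iptables redirect suggested in the quoted reply, written out as a script so that Tor binds only an unprivileged port and never needs root for port 443. This is an added example, not part of the original message: the function names are made up for illustration, and the `ORPort ... NoListen` / `NoAdvertise` flags are the syntax of current Tor releases, which is an assumption about the version in use.

```shell
#!/bin/sh
# Added example (not from the thread). Ports are the ones named in the thread.
PUBLIC_PORT=443     # port clients connect to (privileged, <1024)
LISTEN_PORT=1443    # port the Tor process actually binds (unprivileged)

# Accept only numeric ports in 1..65535, a listen port >= 1024 (so Tor never
# needs root to bind it) and two different ports.
check_ports() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$2" -ge 1024 ] && [ "$1" -ne "$2" ]
}

# Chain and rule specification for the nat-table redirect (no -A / -C flag).
# PREROUTING only affects connections arriving from the network.
redirect_rule() {
    check_ports "$1" "$2" || return 1
    printf 'PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# torrc lines: advertise the public port without binding it, and bind the
# unprivileged port without advertising it. Without this pair the relay
# would publish the unprivileged port in its descriptor.
torrc_fragment() {
    check_ports "$1" "$2" || return 1
    printf 'ORPort %s NoListen\nORPort %s NoAdvertise\n' "$1" "$2"
}

# Only touch the firewall when called as: sudo sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    rule=$(redirect_rule "$PUBLIC_PORT" "$LISTEN_PORT") || exit 1
    # -C checks for an existing identical rule, so reruns do not stack
    # duplicates. Word splitting of $rule is intended.
    iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule
    echo "Add to torrc:"
    torrc_fragment "$PUBLIC_PORT" "$LISTEN_PORT"
fi
```

The rule added this way does not survive a reboot unless it is saved with whatever the distribution uses to persist iptables rules.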