[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: configure Tor to advertise its orport as 443 but really bind to another port such as 9001
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: configure Tor to advertise its orport as 443 but really bind to another port such as 9001
- From: Stephen Carpenter <thecarp@xxxxxxxxx>
- Date: Mon, 22 Feb 2010 14:52:32 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 22 Feb 2010 14:52:44 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=Eq2hhvEKGz0Yc9qeJkHzeI3clge0BvcnAvjlyFaOTMc=; b=l2INkVKNeNfsoW6JLpzKWPBLDUeYxxvMfvP9ViZJOnS6qwmwwOe659Q8/E6lPUAJwB ZT5fIJvS52GfjMDUsI7rqEAX5VIv3V5nRrZH4qmANLg4nlptK6ZiH0tom3nRoJrMEnWE XgV+3JjE5yoXYtwOJmMt6qHxy2RLJhOM9jC18=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=M9AewgR/YzbehbtIZEUimgRqbsy/r2EacoSNY8v6piaRmdNNCX8TKLkM5h/waskkv1 nyQMJs9csbJ2d0Mrs43YkCETMv1jaoVn15KXZ09WJR7Acu3kfKINyxYU1j8Hd1fHhPFV LXXinPXdLvepCBDZj2YYoX1JvYJ9mlpWVcZPE=
- In-reply-to: <20100222062050.360ACB00B5@xxxxxxxxxxxxxxxxx>
- References: <20100222062050.360ACB00B5@xxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Mon, Feb 22, 2010 at 1:20 AM, <onion.soup@xxxxxxxxxxxx> wrote:
> i followed this:
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#HowcanImak
> emyrelayaccessibletopeoplestuckbehindrestrictivefirewalls.3F
>
> i did three things:
> 1. set "orport 443" and "orlistenaddress 0.0.0.0:9001" in torrc file
> 2. Similarly, "dirport 80" and "dirlistenaddress 0.0.0.0:9030"
> 3. lastly, in rc.local, i added "ssh -fNL 443:localhost:9001
> localhost" and "ssh -fNL 80:localhost:9030 localhost"
Can root ssh to localhost without a password? If so, then I think that
should work.
My guess is not, since its not configured to allow that by default.
Also, the ssh connection will not restart if it dies (I maybe not an
issue over the loopback). At the very least, autossh is recommended.
However this is not really the best way to do it. IPTables is a much
better way to go. Failing that, why not just advertise the real port?
You are going to be pushing all data through a local encryption
stream, doing both encryption and decryption on the same box as
overhead to the connection.
This sort of trick really shines for making a port elsewhere available
to your local machine for browsing "inside" another network (I use it
to get to my internal machines), but, when used to just locally
forward a port, its overkill.
-Steve
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/