[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor Beginner's Questions
Thanks for getting to this amongst everything else Roger.
On 05/01/2005, at 7:19 PM, Roger Dingledine arma-at-mit.edu |or-talk|
On Fri, Dec 31, 2004 at 05:08:43PM +1100, ffi2fdq02@xxxxxxxxxxxxxx
1) "allow local connections to port 8118 and port 9050"
Maybe I'm missing some subtlety in the word 'local' but does this
mean incoming, outgoing, neither or both should be allowed? As far as
I know, I haven't allowed either port incoming or outgoing and yet tor
client seems to be working.
Local means "from 127.0.0.1 to 127.0.0.1" -- some firewalls seem to
even these sorts of connections, and people who run them don't tend to
realize they're running them, so it's sort of hard to document for. Any
suggestions on how to fix the wording?
My suggestion FWIW is "if your firewall can limit your machine's
ability to connect to itself then ensure that such connection is
allowed on ports 8118 and 9050." I understand the catch-22 about
"people who run them..." and I think it shall remain a catch-22 unless
it is to become a multi-page document in itself. Whilst I don't run
one of those firewalls I'm probably close to that class of people and
I/we simply have to have the initiative to search and question until we
understand. Otherwise we can simply wait until technology like tor
matures to the point where anyone can use it without having a clue what
2) "outgoing connections... <allow> ports 80, 443, and 9001-9033"
I've allowed outgoing connections on all (only) these ports. Why
does tor still regularly make attempts at other ports. I blocked them
all and the tor client still works. Is there any advantage to
these too? Is there a definable range?
I've just added this answer as
Nice. Completely answered thank you.
Currently the 'FirewallPorts' config option doesn't support ranges,
numbers. Is this something we should fix?
It's not something I would like to see 'fixed' at this stage. There's
simply a trade off here. I don't wish to spend much time on security
but I value it. Therefore I block all ports except those I *know* are
being used by services I desire. Consequently it suits me to block
everything else. If my need for anonymity rose then I may trade that
off against this easy but overkill approach to security.
No. Thank you!:)