Re: Hidden Service Weirdness
On Sat, 25 Jul 2009 07:58:42 -0400 Ringo <2600denver@xxxxxxxxx>
wrote, quoting without attribution:
>"unfortunately you must run qemu as root to bind to privileged ports
>like 80, which negates some of the protections you're hoping to
>provide."
>
>Is there a system list that can be edited and have port 80 removed from it?
>
Not really. All ports numbered less than 1024 are privileged ports for
both TCP and UDP. (I have no idea about other protocols, e.g., SCTP.)

An easy solution is to advertise "ORPort 80" (or DirPort 80, whichever
you're trying to get), while using "ORListenAddress [IP address]:[real port]",
then set up NAT/RDR rules as needed to forward port 80 to the real port number.

On FreeBSD systems, tor built from the source in a downloadable tar
archive comes configured to run as userid _tor and groupid _tor. I just leave
it that way and use the method outlined above to reroute packets for the
privileged port numbers to the ports tor actually listens on. Works great for
me, and it doesn't cause tor to crash if it needs to rebind those ports for
some reason because the ports it listens on are not privileged.

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
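
The setup described in the message above, written out as an added example that is not part of the original post. It assumes FreeBSD's pf as the packet filter; the interface name em0, the address 192.0.2.10 and the listening port 9001 are constructed placeholders.

```conf
# --- torrc (tor keeps running as the unprivileged _tor user) ---
# Port published in the relay descriptor. tor does not bind it,
# because ORListenAddress below overrides where tor listens.
ORPort 80
# Address and unprivileged port (>= 1024) that tor actually binds.
# 192.0.2.10 and 9001 are placeholders (assumption).
ORListenAddress 192.0.2.10:9001

# --- /etc/pf.conf (translation rule, loaded by root with pfctl) ---
ext_if = "em0"          # placeholder interface name (assumption)
ext_ip = "192.0.2.10"   # same placeholder address as in torrc
# Rewrite inbound TCP port 80 to the port tor listens on. "pass" lets
# the redirected connection through without a separate filter rule.
rdr pass on $ext_if inet proto tcp from any to $ext_ip port 80 -> $ext_ip port 9001
```

Only the packet filter, configured by root, touches the privileged port; tor itself binds nothing below 1024. Later Tor releases dropped ORListenAddress, and the same split is written there as `ORPort 80 NoListen` plus `ORPort 192.0.2.10:9001 NoAdvertise`.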