[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ports 443 & 80

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Ports 443 & 80
From: Robert W Capps II <robert@xxxxxxxx>
Date: Sun, 18 May 2008 10:38:40 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 18 May 2008 13:38:57 -0400
In-reply-to: <200805171853.35244.njdube@xxxxxxxxx>
References: <200805171853.35244.njdube@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

I've not tried to setup a TOR node with your config, but I'll tell youhow I got mine to work :


Assumptions for the following configuration:

1.1.1.1 - Public IP address of Firewall (assumes you are using NATinternally)

  2.2.2.2 - Private IP address in use on the TOR server
  :9090 - Private OR Port
  :443   - Public OR Port
  :9091 - Private DIR Port
  :80     - Public DIR Port

First I set my firewall up to accept the following external ports, andforward them to the TOR server - basically port forwarding with NAT:


  1.1.1.1:443 -NAT and port forward to-> 2.2.2.2:9090
  1.1.1.1:80   -NAT and port forward to-> 2.2.2.2:9091

The TOR server was then configured to listen locally for TOR trafficon 2.2.2.2:9090 and 2.2.2.2:9091, so you'll need to set the followingitems in your torrc file:

## The IP or FQDN for your server. Leave commented out and Tor willguess.

  Address 1.1.1.1

  ## Required: what port to advertise for Tor connections.
  ORPort 443
  ORListenAddress 2.2.2.2:9090

## Optional: what port to advertise for TOR directoryconnections.Uncomment this to mirror the directory for others.

  DirPort 80
  DirListenAddress 192.168.3.20:9091

So, without validating your firewall setup, I would think you need tomodify your 'ORListenAddress' and 'DIRListenAddress' to reflect theACTUAL IP address (not 0.0.0.0) of your TOR server, and set your'Address' value to the actual public IP address of your firewall(note, no port required on the 'Address' value).


Hope this helps!

Robert



On May 17, 2008, at 4:53 PM, Nathaniel Dube wrote:

I read somewhere that you can use ports 443 and 80 to help outpeople stuckbehind really restrictive firewalls. I've been trying to manuallyconfigureTor to do just that. I've configured the router for portforwaring. I'mpretty sure I did the same for my Linux firewall. I told thefirewall tolisten on ports 443/80 and redirect to 9090/9091. So the way Iunderstand itis, Tor servers/clients should be trying to connect to ports 443/80--> myrouter listens on 443/80 and bounces to my firewall --> my firewalllistensto 443/80 and bounces to 9090/9091 which the tor server is reallylisteningin on. I'm running openSUSE 10.3. I used yast to set thefirewall. If Iunderstand what I'm doing I use the "Masquerading" section to dofirewallport forwaring. Which I'm pretty sure I did correctly but for somereason
servers/clients are still unable to connect to my tor server.
I could really use some help getting this working. I can get thenormal portsworking no problem and have my server join the tor network. It'swhen I try
doing the port 443/80 trick that things get harry.

Here are screenshots of my configuration screens I did for the port
forwarding.

http://img246.imageshack.us/img246/303/443zb6.png
http://img265.imageshack.us/img265/1403/80xv7.png
http://img253.imageshack.us/img253/483/yastmasqsm4.png
http://img253.imageshack.us/img253/2820/yastrulesyl0.png
http://img338.imageshack.us/img338/5127/routerpn3.png

Here's portions of tor's config file.  I Xed out stuff that might be
considered a security risk on my part.

SocksPort 9050
SocksListenAddress 127.0.0.1
DataDirectory /home/tor/.tor
ControlPort 9051

ORPort 443
ORListenAddress 0.0.0.0:9090
DirPort 80
DirListenAddress 0.0.0.0:9091
Also, here's the log when I run tor in Konsole as root. I know,don't run Toras root. I'm just doing that to test it to make sure it's workingbefore I
set it to start on boot under the "tor" user.
May 16 23:09:16.449 [notice] Tor v0.1.2.19. This is experimentalsoftware. Do
not rely on it for strong anonymity.
May 16 23:09:16.450 [notice] Initialized libevent version 1.3b usingmethod
epoll. Good.
May 16 23:09:16.450 [notice] Opening OR listener on 0.0.0.0:9090
May 16 23:09:16.450 [notice] Opening Directory listener on0.0.0.0:9091
May 16 23:09:16.450 [notice] Opening Socks listener on 127.0.0.1:9050
May 16 23:09:16.450 [notice] Opening Control listener on127.0.0.1:9051May 16 23:09:16.451 [warn] You are running Tor as root. You don'tneed to, and
you probably shouldn't.
May 16 23:09:16.642 [notice] Your Tor server's identity keyfingerprint
is 'XXXXXXXXXXXXXXXXXXX'
May 16 23:09:18.240 [notice] We now have enough directoryinformation to build
circuits.
May 16 23:09:18.438 [notice] Guessed our IP address as XXXXXXXXXXXXX.
May 16 23:09:21.856 [notice] Tor has successfully opened a circuit.Looks like
client functionality is working.
May 16 23:09:21.856 [notice] Now checking whether ORPort XXXXXXX:443andDirPort XXXXXXXXXXXX:80 are reachable... (this may take up to 20minutes --
look for log messages indicating success)
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has notmanaged toconfirm that its ORPort is reachable. Please check your firewalls,ports,
address, /etc/hosts file, etc.
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has notmanaged toconfirm that its DirPort is reachable. Please check your firewalls,ports,
address, /etc/hosts file, etc.

Follow-Ups:
- Re: Ports 443 & 80
  - From: Nathaniel Dube
- Re: Ports 443 & 80
  - From: Robert W Capps II

References:
- Ports 443 & 80
  - From: Nathaniel Dube

Prev by Author: Re: Reregister after key change?
Next by Author: Re: Ports 443 & 80
Previous by thread: Ports 443 & 80
Next by thread: Re: Ports 443 & 80
Index(es):
- Author
- Thread