[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ports 443 & 80



I've not tried to setup a TOR node with your config, but I'll tell you how I got mine to work :

Assumptions for the following configuration:

1.1.1.1 - Public IP address of Firewall (assumes you are using NAT internally)
  2.2.2.2 - Private IP address in use on the TOR server
  :9090 - Private OR Port
  :443   - Public OR Port
  :9091 - Private DIR Port
  :80     - Public DIR Port

First I set my firewall up to accept the following external ports, and forward them to the TOR server - basically port forwarding with NAT:

  1.1.1.1:443 -NAT and port forward to-> 2.2.2.2:9090
  1.1.1.1:80   -NAT and port forward to-> 2.2.2.2:9091

The TOR server was then configured to listen locally for TOR traffic on 2.2.2.2:9090 and 2.2.2.2:9091, so you'll need to set the following items in your torrc file:

## The IP or FQDN for your server. Leave commented out and Tor will guess.
  Address 1.1.1.1

  ## Required: what port to advertise for Tor connections.
  ORPort 443
  ORListenAddress 2.2.2.2:9090

## Optional: what port to advertise for TOR directory connections.Uncomment this to mirror the directory for others.
  DirPort 80
  DirListenAddress 192.168.3.20:9091


So, without validating your firewall setup, I would think you need to modify your 'ORListenAddress' and 'DIRListenAddress' to reflect the ACTUAL IP address (not 0.0.0.0) of your TOR server, and set your 'Address' value to the actual public IP address of your firewall (note, no port required on the 'Address' value).

Hope this helps!

Robert



On May 17, 2008, at 4:53 PM, Nathaniel Dube wrote:

I read somewhere that you can use ports 443 and 80 to help out people stuck behind really restrictive firewalls. I've been trying to manually configure Tor to do just that. I've configured the router for port forwaring. I'm pretty sure I did the same for my Linux firewall. I told the firewall to listen on ports 443/80 and redirect to 9090/9091. So the way I understand it is, Tor servers/clients should be trying to connect to ports 443/80 --> my router listens on 443/80 and bounces to my firewall --> my firewall listens to 443/80 and bounces to 9090/9091 which the tor server is really listening in on. I'm running openSUSE 10.3. I used yast to set the firewall. If I understand what I'm doing I use the "Masquerading" section to do firewall port forwaring. Which I'm pretty sure I did correctly but for some reason
servers/clients are still unable to connect to my tor server.

I could really use some help getting this working. I can get the normal ports working no problem and have my server join the tor network. It's when I try
doing the port 443/80 trick that things get harry.

Here are screenshots of my configuration screens I did for the port
forwarding.

http://img246.imageshack.us/img246/303/443zb6.png
http://img265.imageshack.us/img265/1403/80xv7.png
http://img253.imageshack.us/img253/483/yastmasqsm4.png
http://img253.imageshack.us/img253/2820/yastrulesyl0.png
http://img338.imageshack.us/img338/5127/routerpn3.png

Here's portions of tor's config file.  I Xed out stuff that might be
considered a security risk on my part.

SocksPort 9050
SocksListenAddress 127.0.0.1
DataDirectory /home/tor/.tor
ControlPort 9051

ORPort 443
ORListenAddress 0.0.0.0:9090
DirPort 80
DirListenAddress 0.0.0.0:9091

Also, here's the log when I run tor in Konsole as root. I know, don't run Tor as root. I'm just doing that to test it to make sure it's working before I
set it to start on boot under the "tor" user.

May 16 23:09:16.449 [notice] Tor v0.1.2.19. This is experimental software. Do
not rely on it for strong anonymity.
May 16 23:09:16.450 [notice] Initialized libevent version 1.3b using method
epoll. Good.
May 16 23:09:16.450 [notice] Opening OR listener on 0.0.0.0:9090
May 16 23:09:16.450 [notice] Opening Directory listener on 0.0.0.0:9091
May 16 23:09:16.450 [notice] Opening Socks listener on 127.0.0.1:9050
May 16 23:09:16.450 [notice] Opening Control listener on 127.0.0.1:9051 May 16 23:09:16.451 [warn] You are running Tor as root. You don't need to, and
you probably shouldn't.
May 16 23:09:16.642 [notice] Your Tor server's identity key fingerprint
is 'XXXXXXXXXXXXXXXXXXX'
May 16 23:09:18.240 [notice] We now have enough directory information to build
circuits.
May 16 23:09:18.438 [notice] Guessed our IP address as XXXXXXXXXXXXX.
May 16 23:09:21.856 [notice] Tor has successfully opened a circuit. Looks like
client functionality is working.
May 16 23:09:21.856 [notice] Now checking whether ORPort XXXXXXX:443 and DirPort XXXXXXXXXXXX:80 are reachable... (this may take up to 20 minutes --
look for log messages indicating success)
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports,
address, /etc/hosts file, etc.
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports,
address, /etc/hosts file, etc.