Re: Ports 443 & 80
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Ports 443 & 80
- From: morphium <morphium@xxxxxxxxxxxxx>
- Date: Sun, 18 May 2008 19:50:27 +0200
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 18 May 2008 13:50:33 -0400
- In-reply-to: <200805171853.35244.njdube@xxxxxxxxx>
- References: <200805171853.35244.njdube@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Why don't you set ORListenAddress to 0.0.0.0:443 and don't do anything
with your firewall?
2008/5/18, Nathaniel Dube <njdube@xxxxxxxxx>:
> I read somewhere that you can use ports 443 and 80 to help out people stuck
> behind really restrictive firewalls. I've been trying to manually configure
> Tor to do just that. I've configured the router for port forwarding. I'm
> pretty sure I did the same for my Linux firewall. I told the firewall to
> listen on ports 443/80 and redirect to 9090/9091. So the way I understand it
> is, Tor servers/clients should be trying to connect to ports 443/80 --> my
> router listens on 443/80 and bounces to my firewall --> my firewall listens
> to 443/80 and bounces to 9090/9091 which the tor server is really listening
> in on. I'm running openSUSE 10.3. I used yast to set the firewall. If I
> understand what I'm doing I use the "Masquerading" section to do firewall
> port forwarding. Which I'm pretty sure I did correctly but for some reason
> servers/clients are still unable to connect to my tor server.
>
> I could really use some help getting this working. I can get the normal ports
> working no problem and have my server join the tor network. It's when I try
> doing the port 443/80 trick that things get hairy.
>
> Here are screenshots of my configuration screens I did for the port
> forwarding.
>
> http://img246.imageshack.us/img246/303/443zb6.png
> http://img265.imageshack.us/img265/1403/80xv7.png
> http://img253.imageshack.us/img253/483/yastmasqsm4.png
> http://img253.imageshack.us/img253/2820/yastrulesyl0.png
> http://img338.imageshack.us/img338/5127/routerpn3.png
>
> Here's portions of tor's config file. I Xed out stuff that might be
> considered a security risk on my part.
>
> SocksPort 9050
> SocksListenAddress 127.0.0.1
> DataDirectory /home/tor/.tor
> ControlPort 9051
>
> ORPort 443
> ORListenAddress 0.0.0.0:9090
> DirPort 80
> DirListenAddress 0.0.0.0:9091
>
> Also, here's the log when I run tor in Konsole as root. I know, don't run Tor
> as root. I'm just doing that to test it to make sure it's working before I
> set it to start on boot under the "tor" user.
>
> May 16 23:09:16.449 [notice] Tor v0.1.2.19. This is experimental software. Do
> not rely on it for strong anonymity.
> May 16 23:09:16.450 [notice] Initialized libevent version 1.3b using method
> epoll. Good.
> May 16 23:09:16.450 [notice] Opening OR listener on 0.0.0.0:9090
> May 16 23:09:16.450 [notice] Opening Directory listener on 0.0.0.0:9091
> May 16 23:09:16.450 [notice] Opening Socks listener on 127.0.0.1:9050
> May 16 23:09:16.450 [notice] Opening Control listener on 127.0.0.1:9051
> May 16 23:09:16.451 [warn] You are running Tor as root. You don't need to, and
> you probably shouldn't.
> May 16 23:09:16.642 [notice] Your Tor server's identity key fingerprint
> is 'XXXXXXXXXXXXXXXXXXX'
> May 16 23:09:18.240 [notice] We now have enough directory information to build
> circuits.
> May 16 23:09:18.438 [notice] Guessed our IP address as XXXXXXXXXXXXX.
> May 16 23:09:21.856 [notice] Tor has successfully opened a circuit. Looks like
> client functionality is working.
> May 16 23:09:21.856 [notice] Now checking whether ORPort XXXXXXX:443 and
> DirPort XXXXXXXXXXXX:80 are reachable... (this may take up to 20 minutes --
> look for log messages indicating success)
> May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has not managed to
> confirm that its ORPort is reachable. Please check your firewalls, ports,
> address, /etc/hosts file, etc.
> May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has not managed to
> confirm that its DirPort is reachable. Please check your firewalls, ports,
> address, /etc/hosts file, etc.
>
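
Added example, not part of either message in this thread: a small Python check over the torrc fragment and the two reachability warnings quoted above. It lists each advertised port whose self-test failed together with the local port Tor actually binds, which is the hop the firewall redirect has to supply. The function names are hypothetical, the sample input is reconstructed from the post, and the printed iptables line is an assumed plain-iptables equivalent of the redirect (the post configured it through YaST).

```python
import re
# Constructed sample input: torrc lines and log warnings taken from the quoted post.
TORRC = """\
ORPort 443
ORListenAddress 0.0.0.0:9090
DirPort 80
DirListenAddress 0.0.0.0:9091
"""
LOG = """\
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has not managed to confirm that its ORPort is reachable.
May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has not managed to confirm that its DirPort is reachable.
"""

def parse_torrc(text):
    """Return {option: value} for 'Option value' lines, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            opts[key] = value.strip()
    return opts

def required_redirects(opts):
    """Map each advertised port to the local port Tor binds, where they differ."""
    redirects = {}
    for kind in ("OR", "Dir"):
        advertised = opts.get(kind + "Port")
        listen = opts.get(kind + "ListenAddress")
        if advertised and listen and ":" in listen:
            bound = listen.rsplit(":", 1)[-1]
            if bound != advertised:
                redirects[int(advertised)] = int(bound)
    return redirects

def unreachable_ports(log):
    """Advertised ports that Tor's self-test reported as unconfirmed."""
    pat = re.compile(r"\[warn\] Your server \(\S*:(\d+)\) has not managed to confirm")
    return sorted(int(m.group(1)) for m in pat.finditer(log))

def diagnose(torrc, log):
    """Pair every failed advertised port with the bound port it must be redirected to."""
    redirects = required_redirects(parse_torrc(torrc))
    return [(p, redirects[p]) for p in unreachable_ports(log) if p in redirects]

if __name__ == "__main__":
    for ext, local in diagnose(TORRC, LOG):
        # Assumption: plain iptables on the Tor host; the post used YaST instead.
        print(f"iptables -t nat -A PREROUTING -p tcp --dport {ext} -j REDIRECT --to-ports {local}")
```

With the reply's suggestion applied (ORListenAddress 0.0.0.0:443), `required_redirects` returns an empty mapping, so no redirect on the host is involved.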