On Wed, Nov 07, 2007 at 08:20:37AM -0800, Martin
> My home router offers an http administration
> console on port 80 which for obvious security
> reasons is normally only accessible from the
> internal facing side of the router. While
> many of these home routers typically have an
> internal private IP such as 192.168.1.1
> an external public IP, they sometimes respond
> to both IPs from the inside and sometimes they
> even allow access to the administration console
> on the external IP if it is accessed from the
> internal side of the router (mine does). This
> would not normally be a problem, but add a tor
> exit server to the inside of a home network
> serviced by such a router and ...you can
> probably guess where I am going with this.
--- Kyle Williams <kyle.kwilliams@xxxxxxxxx
> If anyone is concerned about this, and you should
> be add the following to your torrc.
> ExitPolicy reject <YOUR_EXTERNAL_IP>:*
> Obviously replacing <YOUR_EXTERNAL_IP> with your
> real IP address...not your internal (LAN) IP
--- Jacob Appelbaum <jacob@xxxxxxxxxxxxx
> I run a few services on the net. I like the idea
> that if I run a Tor server on the same machine
> (on the same interface, with the same IP) as
> my service, people using Tor will prefer my node as
> their exit node. This allows me to provide services
> indirectly to the Tor network without very much
> effort. Smart routing is neato. This is a
> feature and a pretty neat one at that.
--- Ruben Garcia <ruben@xxxxxx
> Perhaps it might be possible to tell tor about the
> router's nat policy so that if the router is
> supposed to port forward the external request
> to <ipA>:<portA>, tor does it itself.
> That way, the problematic
> host->tor->tor->your host tor->router->your host web
Yes, a hidden service will work behind a router (or NAT'd setup).