
Re: vidalia and new firewall config



On Tuesday 28 August 2007 03:34, Roger Dingledine wrote:
> > Choosing 443 makes this hard to implement because Tor has to be started
> > as root to bind to it.  Would it be as well to suggest a popular
> > high-numbered port such as 8080?
>
> Good point. I guess in Windows-land it should be 443, but in Unix-land
> it shouldn't be. Is 8080 popular? What are other good choices that won't
> stand out too much?

I disagree a bit here.  It is pretty easy to use iptables & friends to map the 
external port 443 to any other internal port.  I've been using this in 
GNUnet -- the http transport advertises the public port 80 and internally 
uses a different port.  The user then adds a rule to the firewall 
configuration, something like:

# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

and voila, incoming connections on port 80 go to port 8080.  No need to run as 
root (except for iptables, and I guess we can assume that much control of the 
machine) and we're on a standard privileged port (as far as the network is 
concerned).

My 2 cents

Christian
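
An added example, not part of the original message: a small shell wrapper around the REDIRECT rule quoted above that validates both ports and adds the rule only if it is not already present. The function names and the DRY_RUN variable are hypothetical, and it assumes an iptables build that supports the -C (check) option.

```shell
#!/bin/sh
# Added example. Function names and DRY_RUN are hypothetical, not from the post.

# Accept only decimal integers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule specification shared by the check (-C) and append (-A) calls.
rule_spec() {
    pub=$1
    int=$2
    valid_port "$pub" || { echo "bad public port: $pub" >&2; return 1; }
    valid_port "$int" || { echo "bad internal port: $int" >&2; return 1; }
    # The daemon is meant to bind without root, so insist on a port >= 1024.
    [ "$int" -ge 1024 ] || { echo "internal port $int needs root" >&2; return 1; }
    echo "-p tcp -m tcp --dport $pub -j REDIRECT --to-ports $int"
}

# Append the redirect unless an identical rule already exists.
# DRY_RUN defaults to 1: print the command instead of touching the firewall.
apply_redirect() {
    spec=$(rule_spec "$1" "$2") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat -A PREROUTING $spec"
        return 0
    fi
    # $spec is deliberately unquoted so it splits into separate arguments.
    # PREROUTING only sees packets arriving from the network; connections
    # made from the machine itself to the public port are not redirected.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# The rule from the message, in dry-run mode.
apply_redirect 80 8080
```

Run it with DRY_RUN=0 as root to apply the rule; the rule lives only in the running kernel and has to be restored after a reboot.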