On Mon, 17 Aug 2015 09:13:21 +0100 Tim Sammut <tim@xxxxxxxxxxxxxx> wrote: > With possible config changes in mind, is it best to use ports 80 and > 443 for pluggable transports? It'd be nice if more bridges used ports < 1024, yes. > IIRC the bridgeDB prefers to hand out at least one bridge with port 80 > or 443 open. Right now the bridge runs obfs3 on 80/tcp and obfs4 on > 443/tcp. Is that still a desirable setup (despite having to run bits > as root)? You don't need to run obfs4proxy as root assuming you are on a modern linux system, since obfs4proxy works correctly with capabilities. # setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy Note, this will let any user on the system executing the obfs4proxy binary to bind to "privileged" ports, and must be done each time the binary is modified in any way (moved, upgraded, etc). IIRC on Debian an extra package needs to be installed to get the setcap executable, but I don't remember what it is off the top of my head. For more information see setcap(8) and capabilities(7). Regards, -- Yawning Angel
Attachment:
pgpg9poKc3qSt.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays