[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor Relay in Kubernetes cluster



> Daniel Nikoloski
Hi Daniel

Not sure if that already has been answered. I don't use Kubernetes cluster but I find this one interesting:

> > Address 38.242.233.101
> > ORPort 9001 NoAdvertise IPv4Only
> > ORPort 32150 NoListen IPv4Only

I believe the Tor server service will publish port 32150 but it listens
to port 9001. It will not listen to where foreign Tor clients speak.
Simply "ORPort 9001" could be enough if you bind Tor to the published
address 38.242.233.101.

Unrelated:

If you will bind the Tor server service to an internal address
(10.x.x.x) ie for use in a container, NoAdvertise and NoListen can
be used to explain it to Tor:

Address 38.242.233.101
ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
ORPort 38.242.233.101:32150 NoListen IPv4Only

The firewall needs to forward the traffic from the external to
the internal addresses. In pf world:
rdr on $IFEXT inet proto tcp from any to 38.242.233.101 port 32150
-> 10.x.x.x port 9001

Finally (in my setup) the outbound traffic needs nat. In pf world:
nat on $IFEXT inet from 10.x.x.x to any -> 38.242.233.101

Attachment: pgpM13R1BaVCq.pgp
Description: Digitale Signatur von OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays