Re: [tor-relays] Tor Relay in Kubernetes cluster
- To: Daniel Nikoloski via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [tor-relays] Tor Relay in Kubernetes cluster
- From: Felix <zwiebel@xxxxxxxxxxxxxxxx>
- Date: Fri, 18 Aug 2023 14:38:54 +0200
> Daniel Nikoloski
Hi Daniel
Not sure if that has already been answered. I don't use a Kubernetes cluster, but I find this one interesting:
> > Address 38.242.233.101
> > ORPort 9001 NoAdvertise IPv4Only
> > ORPort 32150 NoListen IPv4Only
I believe the Tor server service will publish port 32150 but it listens
on port 9001. It will not listen to where foreign Tor clients speak.
Simply "ORPort 9001" could be enough if you bind Tor to the published
address 38.242.233.101.
Unrelated:
If you will bind the Tor server service to an internal address
(10.x.x.x), i.e. for use in a container, NoAdvertise and NoListen can
be used to explain it to Tor:

    Address 38.242.233.101
    ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
    ORPort 38.242.233.101:32150 NoListen IPv4Only

The firewall needs to forward the traffic from the external to
the internal addresses. In pf world:

    rdr on $IFEXT inet proto tcp from any to 38.242.233.101 port 32150 -> 10.x.x.x port 9001

Finally (in my setup) the outbound traffic needs NAT. In pf world:

    nat on $IFEXT inet from 10.x.x.x to any -> 38.242.233.101
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
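
An added example, not part of the message above and not Tor project code: this Python script reads the torrc lines quoted in the message, pairs each NoListen port with the NoAdvertise listener behind it, and emits the pf `rdr` rule the firewall has to carry, or a problem report when the pairing is incomplete. The function names and the simplified flag model (NoAdvertise = bind only, NoListen = publish only, numeric ports) are assumptions of the example.

```python
# Added example, not code from the original message. Simplified model of the
# ORPort flags: NoAdvertise = bind only, NoListen = publish only.
SAMPLE_TORRC = """\
Address 38.242.233.101
ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
ORPort 38.242.233.101:32150 NoListen IPv4Only
"""  # the torrc lines quoted in the message, placeholder address included


def parse_torrc(text):
    """Return (public_address, ports), one dict per ORPort line."""
    address, ports = None, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key = fields[0].lower()
        if key == "address":
            address = fields[1]
        elif key == "orport":
            bind, _, port = fields[1].rpartition(":")  # "[addr:]port"
            flags = {f.lower() for f in fields[2:]}
            if {"nolisten", "noadvertise"} <= flags:
                raise ValueError("neither binds nor publishes: " + raw.strip())
            ports.append({"bind": bind or None, "port": int(port),  # numeric ports only
                          "listen": "nolisten" not in flags,
                          "advertise": "noadvertise" not in flags})
    return address, ports


def forward_rules(text, ifext="$IFEXT"):
    """Return (pf_rdr_rules, problems) for the published-only ORPorts."""
    address, ports = parse_torrc(text)
    hidden = [p for p in ports if p["listen"] and not p["advertise"] and p["bind"]]
    rules, problems = [], []
    for pub in (p for p in ports if p["advertise"] and not p["listen"]):
        if not address:
            problems.append(f"port {pub['port']}: no Address line to forward from")
        elif not hidden:
            problems.append(f"port {pub['port']}: published, but no NoAdvertise "
                            "listener with a bind address receives it")
        else:
            rules.append(f"rdr on {ifext} inet proto tcp from any to {address} "
                         f"port {pub['port']} -> {hidden[0]['bind']} "
                         f"port {hidden[0]['port']}")
    return rules, problems


if __name__ == "__main__":
    for line in sum(forward_rules(SAMPLE_TORRC), []):
        print(line)
```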