[tor-relays] ExtOrPort settings for obfs4, obfs3 and firewall
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-relays] ExtOrPort settings for obfs4, obfs3 and firewall
- From: Cristian Consonni <cristian@xxxxxxxxx>
- Date: Mon, 23 Jul 2018 16:03:58 +0200
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
Hi,
From the instructions to install obfs4:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
---
```
ExtORPort auto
```
[...]
```
[notice] Registered server transport 'obfs4' at '[::]:46396'
```
Remember the random port associated to your bridge needs to be open for
incoming connections. You can find it from the logs: it's 46396 in this
example.
---
I can assume that using `ExtORPort auto` would mean that potentially any
time Tor is restarted or reloaded a new port will be picked.
Furthermore, in this thread[1] it is said:
---
[...] ExtORPort tells tor to open a local-only (bound to localhost)
socket for getting information from / communicating with obfsproxy
---
So, if I want to be sure to know in advance which firewall port I should
let open it is better that I choose a fixed port. Also, that port needs
only to accept connections from localhost, i.e. the loopback interface?
The only port that needs to be reachable from anywhere is the ORPort?
Also, in this answer on Tor Stack Exchange[2] it is said that it is
possible to run both obfs3 and obfs4 from the same bridge. Is this
useful/recommended? Also, in the answer:
---
I had to make port forwards for the given obfs ports in iptables (easy
with gufw) as well as in my hardware (internet-)firewall to make things
work. So I am not so sure that the ExtORPort is for local connections
only as mentioned by Rodger (please let me know if I am wrong here).
---
Thanks in advance (I am sorry for the flood of stupid questions, but I
prefer to ask a stupid question than having things not work and not
understanding why...)
C
[1]:
https://lists.torproject.org/pipermail/tor-relays/2014-February/003909.html
[2]: https://tor.stackexchange.com/a/6735
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
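
The quoted instructions say to read the transport port from the log. As an added example (not part of the original post or of the Tor project's code), this Python sketch extracts every "Registered server transport" line, reports the most recent port per transport as the one needing an inbound rule, and lists earlier ports that differ from it. The function names and the sample log are constructed for illustration; only the first notice line follows the one quoted in the message.

```python
import re

# Matches tor's notice line for a pluggable-transport listener, e.g.
#   [notice] Registered server transport 'obfs4' at '[::]:46396'
# The address is either a bracketed IPv6 literal or an IPv4/hostname form.
REGISTERED = re.compile(
    r"Registered server transport '(?P<name>[^']+)' at "
    r"'(?P<addr>\[[0-9A-Fa-f:.]*\]|[^':]+):(?P<port>\d{1,5})'"
)

def transport_ports(log_lines):
    """Return {transport: [port, ...]} in log order, one entry per registration."""
    seen = {}
    for line in log_lines:
        m = REGISTERED.search(line)
        if not m:
            continue
        port = int(m.group("port"))
        if 0 < port <= 65535:  # ignore values that cannot be TCP ports
            seen.setdefault(m.group("name"), []).append(port)
    return seen

def firewall_report(log_lines):
    """Return {transport: (current_port, stale_ports)}.

    current_port is the most recent registration; stale_ports are earlier
    ports that differ from it and no longer need an inbound rule.
    """
    report = {}
    for name, ports in transport_ports(log_lines).items():
        current = ports[-1]
        stale = sorted({p for p in ports[:-1] if p != current})
        report[name] = (current, stale)
    return report

# Constructed sample log: timestamps, the obfs3 line and the second obfs4
# registration are made up to show a port that differs between two runs.
SAMPLE_LOG = """\
Jul 23 10:00:01.000 [notice] Registered server transport 'obfs4' at '[::]:46396'
Jul 23 10:00:01.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172'
Jul 23 10:00:05.000 [notice] Bootstrapped 100%: Done
Jul 23 15:30:12.000 [notice] Registered server transport 'obfs4' at '[::]:51820'
""".splitlines()

if __name__ == "__main__":
    for name, (port, stale) in sorted(firewall_report(SAMPLE_LOG).items()):
        print(f"{name}: allow inbound tcp/{port}; stale: {stale or 'none'}")
```

To avoid tracking the port from the log at all, torrc accepts a fixed listener per transport via `ServerTransportListenAddr`, for example `ServerTransportListenAddr obfs4 0.0.0.0:<port>`.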