[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Protecting the bridge port from active probes

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Protecting the bridge port from active probes
From: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Fri, 29 Mar 2019 03:46:11 -0400
Cc: Marek Szuba <scriptkiddie@xxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Mar 2019 03:46:23 -0400
In-reply-to: <20190328204334.3e78786f@xps.localdomain>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1a4076b3-9533-0241-c5ee-e267048ada05@wp.pl> <20190328204334.3e78786f@xps.localdomain>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Mar 28, 2019 at 08:43:34PM +0300, Dmitrii Tcvetkov wrote:
> Since your bridge is private then bridge authority is none of your
> concerns. In that case you need ORPort reachable only if you have
> bridge clients which use bridge without pluggable transports.

Yes, this advice is correct. Feel free to firewall off your ORPort
from the outside.

It will make your bridge complain that it is unreachable, until somebody
reaches it via one of the pluggable transports, which will satisfy it
and it should stop complaining. You can also simplify that step by
setting "AssumeReachable 1" in your torrc file.

Longer term, we want to address the design issue in this ticket:
https://bugs.torproject.org/7349
and see e.g.
https://bugs.torproject.org/7349#comment:22
but so far we keep finding other things to do more urgently.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Protecting the bridge port from active probes
  - From: Marek Szuba

References:
- [tor-relays] Protecting the bridge port from active probes
  - From: Marek Szuba
- Re: [tor-relays] Protecting the bridge port from active probes
  - From: Dmitrii Tcvetkov

Prev by Author: Re: [tor-relays] (no subject)
Next by Author: Re: [tor-relays] Relay Installed, port forwarded, but not responding
Previous by thread: Re: [tor-relays] Protecting the bridge port from active probes
Next by thread: Re: [tor-relays] Protecting the bridge port from active probes
Index(es):
- Author
- Thread