[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Protecting the bridge port from active probes

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Protecting the bridge port from active probes
From: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Sat, 30 Mar 2019 18:02:32 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 30 Mar 2019 18:02:45 -0400
In-reply-to: <20190330204445.GA23578@neva>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1a4076b3-9533-0241-c5ee-e267048ada05@wp.pl> <20190328204334.3e78786f@xps.localdomain> <20190330204445.GA23578@neva>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.10.1 (2018-07-13)

On Sat, Mar 30, 2019 at 08:44:45PM +0000, Alexander Nasonov wrote:
> This works for me:
> 
> AssumeReachable 1
> PublishServerDescriptor 0
> ORPort PUBLIC-IP:2345 NoListen
> ORPort 127.0.0.1:2345 NoAdvertise
> ExtORPort 127.0.0.1:3456 # you can try auto
> ServerTransportListenAddr obfs4 PUBLIC-IP:4567
> ServerTransportPlugin obfs4 exec /path/to/obfs4proxy

You probably also want a "BridgeRelay 1" in there too. That will help
make sure you fetch appropriate directory information in order to have
it available for users of your bridge. And depending on your Tor version,
it will also make sure that your exit policy is reject *:*. (Not that
bridge clients should be trying to exit from you, but you want to make
sure that they don't succeed if for some reason they try :)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Protecting the bridge port from active probes
  - From: Marek Szuba
- Re: [tor-relays] Protecting the bridge port from active probes
  - From: Dmitrii Tcvetkov
- Re: [tor-relays] Protecting the bridge port from active probes
  - From: Alexander Nasonov

Prev by Author: Re: [tor-relays] Relay Installed, port forwarded, but not responding
Next by Author: Re: [tor-relays] Relay C19B33758B3A5144894233EC4C95D7985B9FD101
Previous by thread: Re: [tor-relays] Protecting the bridge port from active probes
Next by thread: Re: [tor-relays] Relay without OpenSSL
Index(es):
- Author
- Thread