Re: [tor-relays] need help with running tor in combination with shorewall

To: tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>

Subject: Re: [tor-relays] need help with running tor in combination with shorewall

Date: Thu, 3 Oct 2013 21:03:59 +0100

Delivery-date: Thu, 03 Oct 2013 16:04:13 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=whjcJiOsgqdrl4Nn6ykM6NDIOeEmn3KJZ9u4i/Qm8hY=; b=YlhS0/mkXAy9wyMjj+Jun7XaIok/fI/2go58pGWW5vK2YwhmPtIOWjaL5eCS4UcdGv EGcDlsNikPMcslubAMMfYtnIGUSBWLnqMVwvg9oiCnl+DIpmD2vzPIpNCXpbPgsJb8mO MSVWQQ8zjFJA/EiDuEsjPgwB2u/EM1u+y1MrfNhjT/HwDQR7RHvVewGmf/vEy1b1CMbB BvtGflbFhis8hBHbbrGCOLO+cMoawNRxm1NUqi90LzxgEnVKSnTqEk3EmPTFNQ8FU9uv 0fGcZBxQh5yoQKW8+6Om4f0U+xM3lPblCcyIWa+x/s6u31iuZs+RZJeXLb7nWUaaH1CT qJ3A==

In-reply-to: <20131002193404.GA15882@localhost>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <20131002193404.GA15882@localhost>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi Jan,

Here is an example config for shorewall, pulled it straight off a relay I run.

# PORT PORT(S) DEST LIMIT GROUP

SECTION NEW

# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

#Ping(ACCEPT) net $FW

Ping(DROP) net $FW

ACCEPT net $FW tcp 9001 #tor

ACCEPT net $FW tcp 9030 #tor-dir

#ACCEPT net $FW tcp 22 #ssh/dropbear

ACCEPT net $FW tcp 80 #apache

#ACCEPT net $FW tcp 443 #ssl apache

# Permit all ICMP traffic FROM the firewall TO the net zone

ACCEPT $FW net icmp

Paste that into your /etc/shorewall/rules file, uncomment lines as needed and then 'service shorewall restart'

Regards

On 2 October 2013 20:34, Jan Hendrik den Besten <tor@xxxxxxxxxxxxx> wrote:

Hi,

I installed tor a few days ago. It only runs fine if I stop my shorewall
firewall. I found here some online help:

https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ

However, the shorewall-rules example given there doesn't work. It's
mentioned the example is for shorewall v2.2.3 whereas the current version
is v4.5.16.1.

Does anyone have a latest exmple of the /etc/shorewall/rules file?

thanks, Jan Hendrik
--
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays