[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Question Re: firewall rules for obfs4 bridge relay
Hello,
I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu server 18.04.
I'm endeavoring to apply strict firewall rules to ensure only the necessary ports are open.
In accordance with the configuration (below) I've allowed port 9001:
#Bridge config
RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
#Set your bridge nickname and contact info
ContactInfo <your-contact-info>
Nickname pick-a-nickname
I've also allowed port 9051 to enable me to connect to the obfs4 server via onionbox.
After starting the Tor service the Tor logs report,
Opening Socks listener on 127.0.0.1:9050
Opening Control listener on 127.0.0.1:9051
Opening OR listener on 0.0.0.0:9001
Extended OR listener listening on port XXXXX.
Registered server transport 'obfs4' at '[::]:33919'
All of the ports listed (above) appear to be fixed ports that open each time I start/restart Tor. However, the "Extended OR listener listening on port XXXXX" changes on each start/restart.
I can see the configuration (above) instructs ExtORPort auto.
I've looked online where there is some advice suggesting the auto setting for ExtORPort is important for security reasons, however, if I'd like to have strict firewall rules the auto setting becomes problematic.
Currently, I've allowed port 9001 & the Tor logs report,
Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
Self-testing indicates your ORPort is reachable from the outside.
I'd be grateful for some advice on which ports I should keep open, to ensure I can provide the very best service & good security practice both for the client & the server - thanks :)
Best regards,
Kenneth
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays