[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Non-standard Bridge
Hey again,
I have a similar setup and I think up-to-date-synopsis is
ORPort 80 NoListen
ORPort 0.0.0.0:9001 NoAdvertise
A good start to avoid proxy circumventing software is here.
Notice potential flaws mentioned there!
You might want to just torify a certain user or a machine or everything in your network - here is how to do this.
The problem with normal proxification is every plugin can leak your IP and must be therefore disabled.
You must be ABSOLUTELY sure no software you use this way leaks e.g. DNS info.
Using your kernel's packet filter is IMHO the most user-friendly and reasonably secure way to rock'n'roll.
I might be wrong, but hey, others will prevent you from trusting me. ;-)
Kind regards
christian
-----Original-Nachricht-----
Betreff: Re: [tor-relays] Non-standard Bridge
Datum: Mon, 21 Sep 2015 22:53:54 +0200
Von: Geoff Down <geoffdown@xxxxxxxxxxxx>
An: tor-relays@xxxxxxxxxxxxxxxxxxxx
On Mon, Sep 21, 2015, at 06:59 PM, Steve Snyder wrote:
> You've set 2 port numbers, 9001 and 80, to listen on. Pick one or the
> other.
One is the internal port on which Tor listens, the other is the one
advertised to the outside world. The router forwards one to the other -
this works fine for normal relays, is there any reason for it not to
work for a Bridge?
>
>
> Also, set "SocksPort 0".
>
That would stop Tor handling local connections from applications. Is
running a Bridge incompatible with local clent traffic? I couldn't find
anything to that effect in the docs.
I did get a 'Self-testing indicates your ORPort is reachable from the
outside' message eventually - there was just a 12 minute wait between
'Bootstrapped 100%' and 'Guessed our IP address as', the reachability
test followed immediately after.
>
> On Monday, September 21, 2015 1:20pm, "Geoff Down"
> <geoffdown@xxxxxxxxxxxx> said:
>
> > Hello all,
> > I'm trying to set up a Bridge/Client Tor instance with the following
> > torrc:
> >
> > ControlPort 9051
> > ExitPolicy reject *:*
> > HashedControlPassword <pwd>
> > Nickname <nickname>
> > ORListenAddress 0.0.0.0:9001
> > ORPort 80
> > BridgeRelay 1
> > ContactInfo <contactinfo>
> >
> > Should this work as a bridge? Client functionality is fine (port 80 is
> > forwarded to 9001) but there is no reachability test in the log. I have
> > a "bridge's hashed identity key fingerprint" in there; where is it I can
> > check online to be sure the BridgeDB has received it? I wanted to check
> > it worked with fixed ports before I tried 'ORPort auto'.
> >
> > GD
> >
> > --
> > http://www.fastmail.com - Faster than the air-speed velocity of an
> > unladen european swallow
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
--
http://www.fastmail.com - A no graphics, no pop-ups email service
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays