Hey again,
I have a similar setup and I think up-to-date-synopsis is
    ORPort 80 NoListen
    ORPort 0.0.0.0:9001 NoAdvertise
A good start to avoid proxy circumventing software is here. Notice potential flaws mentioned there! You might want to just torify a certain user or a machine or everything in your network - here is how to do this.
The problem with normal proxification is every plugin can leak your IP and must be therefore disabled. You must be ABSOLUTELY sure no software you use this way leaks e.g. DNS info.
Using your kernel's packet filter is IMHO the most user-friendly and reasonably secure way to rock'n'roll. I might be wrong, but hey, others will prevent you from trusting me. ;-)
Kind regards
christian
-----Original Message-----
Subject: Re: [tor-relays] Non-standard Bridge
Date: Mon, 21 Sep 2015 22:53:54 +0200
From: Geoff Down geoffdown@fastmail.net
To: tor-relays@lists.torproject.org
On Mon, Sep 21, 2015, at 06:59 PM, Steve Snyder wrote:
You've set 2 port numbers, 9001 and 80, to listen on. Pick one or the other.
One is the internal port on which Tor listens, the other is the one advertised to the outside world. The router forwards one to the other - this works fine for normal relays, is there any reason for it not to work for a Bridge?
Also, set "SocksPort 0".
That would stop Tor handling local connections from applications. Is running a Bridge incompatible with local client traffic? I couldn't find anything to that effect in the docs.
I did get a 'Self-testing indicates your ORPort is reachable from the outside' message eventually - there was just a 12 minute wait between 'Bootstrapped 100%' and 'Guessed our IP address as', the reachability test followed immediately after.
On Monday, September 21, 2015 1:20pm, "Geoff Down" geoffdown@fastmail.net said:
Hello all, I'm trying to set up a Bridge/Client Tor instance with the following torrc:
    ControlPort 9051
    ExitPolicy reject *:*
    HashedControlPassword <pwd>
    Nickname <nickname>
    ORListenAddress 0.0.0.0:9001
    ORPort 80
    BridgeRelay 1
    ContactInfo <contactinfo>
Should this work as a bridge? Client functionality is fine (port 80 is forwarded to 9001) but there is no reachability test in the log. I have a "bridge's hashed identity key fingerprint" in there; where is it I can check online to be sure the BridgeDB has received it? I wanted to check it worked with fixed ports before I tried 'ORPort auto'.
GD
-- http://www.fastmail.com - Faster than the air-speed velocity of an unladen european swallow
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays