Hi,
On 20/09/2018 10:37, Ben Riley wrote:
> ... I've actually got 4 ports open on the router for TOR - 9001, 9030, 9050 & 9051.
> I set 9030 as my control port in torrc - does that port need to be open on the router? ...
You probably don't need or want either the control port or the SOCKS port open on the router.
The control port is normally used to allow "front end" software like Vidalia to connect to the node and get diagnostic information, change some configuration settings, tell it to do things like build a new circuit, etc., so it only needs to be accessible to machines from which you want to manage the node in this way. If, for some reason, you did want to manage the node over the internet, I would recommend keeping the port blocked on the router anyway and tunnelling it through an SSH connection to the server.
The SOCKS port is used to tunnel connections through Tor, either directly from software that supports SOCKS, via a wrapper such as socksify or torify, or through a proxy server like Privoxy. Again, that only needs to be accessible to machines from which you want to "use" Tor. Again, if you want to use your node as a "gateway" into Tor from elsewhere, you should tunnel the port over SSH.
Hope this helps,
Stephen
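
An added example (not part of the message above and not Tor project code): a small Python check that reads a torrc and reports any ControlPort or SocksPort listener bound to something other than loopback, which is the exposure the reply advises against. The sample torrc, its addresses and the function names are constructed for illustration, and only the `[address:]port` and `unix:` value forms are handled.

```python
import ipaddress

LOCAL_ONLY_OPTIONS = {"controlport", "socksport"}  # the two listeners discussed above


def bind_host(value):
    """Return the host part of a torrc port value, or None if it is local by construction."""
    spec = value.split()[0]                 # drop trailing flags
    if spec.lower().startswith("unix:"):
        return None                         # unix socket, not reachable over the network
    if spec.startswith("["):                # [ipv6]:port
        return spec[1:spec.index("]")]
    if ":" in spec:                         # address:port
        return spec.rsplit(":", 1)[0]
    return None                             # bare port, "auto" or 0: tor binds to localhost


def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # hostname we cannot verify: treat as exposed


def audit_torrc(text):
    """Return (line_number, option, value) for each listener not bound to loopback."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in LOCAL_ONLY_OPTIONS:
            host = bind_host(parts[1])
            if host is not None and not is_loopback(host):
                findings.append((number, parts[0], parts[1]))
    return findings


# Constructed sample torrc, not taken from the thread.
SAMPLE_TORRC = """\
ORPort 9001
SocksPort 9050
SocksPort 192.168.1.10:9050   # reachable from the LAN
ControlPort 0.0.0.0:9051
ControlPort unix:/run/tor/control
"""

if __name__ == "__main__":
    for number, option, value in audit_torrc(SAMPLE_TORRC):
        print(f"line {number}: {option} {value} is not loopback-only")
```

A clean torrc is only half of the check: the router's port forwards for the control and SOCKS ports still have to be removed separately.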