Daniel Nikoloski
Hi Daniel
Not sure if that has already been answered. I don't use a Kubernetes cluster, but I find this one interesting:
    Address 38.242.233.101
    ORPort 9001 NoAdvertise IPv4Only
    ORPort 32150 NoListen IPv4Only
I believe the Tor server service will publish port 32150 but it listens on port 9001. It will not listen where foreign Tor clients speak. Simply "ORPort 9001" could be enough if you bind Tor to the published address 38.242.233.101.
Unrelated:
If you bind the Tor server service to an internal address (10.x.x.x), i.e. for use in a container, NoAdvertise and NoListen can be used to explain it to Tor:
    Address 38.242.233.101
    ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
    ORPort 38.242.233.101:32150 NoListen IPv4Only
The firewall needs to forward the traffic from the external to the internal addresses. In pf world:
    rdr on $IFEXT inet proto tcp from any to 38.242.233.101 port 32150 -> 10.x.x.x port 9001
Finally (in my setup) the outbound traffic needs NAT. In pf world:
    nat on $IFEXT inet from 10.x.x.x to any -> 38.242.233.101
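
An added example, not part of the original message: a Python check that reads ORPort lines and pf rdr rules like the ones above and reports advertised endpoints that no listener receives, directly or through a redirect. The function names are hypothetical, and it assumes numeric ports, single-line rdr rules of the form shown, and that the published address is the Address option when set.

```python
import re

# torrc and pf lines as given in the message above (10.x.x.x is its placeholder).
TORRC = """\
Address 38.242.233.101
ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
ORPort 38.242.233.101:32150 NoListen IPv4Only
"""
PF_RULES = "rdr on $IFEXT inet proto tcp from any to 38.242.233.101 port 32150 -> 10.x.x.x port 9001"

RDR = re.compile(r"rdr\s+on\s+\S+.*?\bto\s+(\S+)\s+port\s+(\d+)\s*->\s*(\S+)\s+port\s+(\d+)")

def parse_torrc(text):
    """Return (listeners, advertised): sets of (address, port) from ORPort lines."""
    address, entries = "", []
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) < 2:
            continue
        if parts[0].lower() == "address":
            address = parts[1]
        elif parts[0].lower() == "orport":
            entries.append((parts[1], {f.lower() for f in parts[2:]}))
    listeners, advertised = set(), set()
    for target, flags in entries:
        addr, _, port = target.rpartition(":")
        if "nolisten" not in flags:       # Tor opens a socket on this endpoint
            listeners.add((addr or "0.0.0.0", int(port)))
        if "noadvertise" not in flags:    # assumption: Address, when set, is what gets published
            advertised.add((address or addr, int(port)))
    return listeners, advertised

def parse_rdr(text):
    """Map (external address, port) -> (internal address, port) from pf rdr rules."""
    return {(m[1], int(m[2])): (m[3], int(m[4])) for m in RDR.finditer(text)}

def unreachable(torrc, pf_rules=""):
    """Advertised endpoints that reach no listener, directly or through a rdr."""
    listeners, advertised = parse_torrc(torrc)
    rdr = parse_rdr(pf_rules)
    bad = []
    for endpoint in sorted(advertised):
        addr, port = rdr.get(endpoint, endpoint)
        if not any(p == port and a in (addr, "0.0.0.0") for a, p in listeners):
            bad.append(endpoint)
    return bad

if __name__ == "__main__":
    print("without rdr:", unreachable(TORRC))
    print("with rdr:   ", unreachable(TORRC, PF_RULES))
```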