I'm trying to switch my ports from 9001/9030 to 443/80. The tor configuration seems straight forward. I tried
/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9001 --jump ACCEPT
/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9030 --jump ACCEPT
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 443 --destination a.b.c.d --jump DNAT --to-destination :9001
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 80 --destination a.b.c.d --jump DNAT --to-destination :9030
but that doesn't seem to work. The OR and Dir ports are not reachable from the outside. I assumed that PREROUTING happened before INPUT, but I'm not really an expert on this. The firewall blocks everything else inbound to that address but the two ports I opened. Do I need to open 443/80 on the INPUT chain as well, and if so, do I also need to keep 9001/9030 open?
CentOS 5.6 if that matters.
Thanks
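For readers hitting the same question, here is an added example (written for this page, not code from the thread or from the Tor project) of the redirect approach the message above is reaching for, with the one change that makes netfilter actually apply it. An inbound packet passes nat/PREROUTING (where DNAT rewrites the destination port) before filter/INPUT, so the nat rule has to match the port the client connects to with --dport (--source-port matches the client's ephemeral source port, which is practically never 443), and INPUT then has to accept the post-DNAT internal ports 9001/9030 rather than 443/80. The address a.b.c.d is the placeholder from the thread; by default the script only prints the rules so they can be reviewed, and IPTABLES=/sbin/iptables loads them for real.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Tor project.
# Keeps ORPort 9001 / DirPort 9030 bound in torrc and redirects the
# public ports 443/80 to them with netfilter.
#
# Traversal for an inbound packet is
#   nat/PREROUTING (DNAT rewrites the destination port) -> routing -> filter/INPUT
# so the nat rule must match the port the client dials (--dport), and the
# INPUT rule must accept the *post-DNAT* internal port, not 443/80.
#
# Assumptions: a.b.c.d is the placeholder address used in the thread; the
# default IPTABLES value makes this a dry run that prints the commands.
# Set IPTABLES=/sbin/iptables to load the rules.

RELAY_ADDR="${RELAY_ADDR:-a.b.c.d}"
IPTABLES="${IPTABLES:-echo /sbin/iptables}"

# Emit one DNAT rule plus the matching INPUT accept for a public/internal pair.
redirect_port() {
    public_port="$1"
    internal_port="$2"
    $IPTABLES --table nat --append PREROUTING --protocol tcp \
        --destination "$RELAY_ADDR" --dport "$public_port" \
        --jump DNAT --to-destination ":$internal_port"
    $IPTABLES --append INPUT --protocol tcp --match state --state NEW \
        --destination "$RELAY_ADDR" --dport "$internal_port" --jump ACCEPT
}

# Full rule set for a relay bound to 9001/9030 and reachable on 443/80.
tor_relay_rules() {
    redirect_port 443 9001   # ORPort
    redirect_port 80 9030    # DirPort
}

tor_relay_rules
```

Two caveats when checking this on a CentOS box: nat/PREROUTING is not traversed by locally generated packets, so connecting to port 443 from the relay itself does not exercise the redirect, and the test has to come from another host; and the rules live only until reboot unless saved (service iptables save on CentOS). Tor also advertises whatever ORPort/DirPort say in its descriptor, so with a redirect the torrc has to advertise 443/80 while listening on the internal ports (ORListenAddress/DirListenAddress in the Tor releases of that time); the "User" approach Damian describes below avoids all of this.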
The far easier method is to add a "User <tor user>" entry to your torrc then start Tor as root. This way tor will bind to the privileged ports then lower its permissions to the given user (I've been meaning to update that faq entry...).
Also, I wrote a relay setup wizard that makes you a nice relay configuration (including using 443/80) automagically. To give it a try just...
- download http://www.atagar.com/transfer/tmp/arm-1.4.3rc.tar.bz2
- extract and run 'arm'
- it should pop up a wizard that looks like...
  - http://www.atagar.com/transfer/tmp/arm_wizard1.png
  - http://www.atagar.com/transfer/tmp/arm_wizard2.png
  - http://www.atagar.com/transfer/tmp/arm_wizard3.png
Arm is about to have a release in the next few days so I'd love feedback on the wizard if you have any. Cheers! -Damian
On Fri, Jul 15, 2011 at 10:56 AM, Softail black98fxstc@gmail.com wrote:
I'm trying to switch my ports from 9001/9030 to 443/80. The tor configuration seems straight forward. I tried
/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9001 --jump ACCEPT
/sbin/iptables --append INPUT --protocol tcp --match state --state NEW --destination a.b.c.d --dport 9030 --jump ACCEPT
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 443 --destination a.b.c.d --jump DNAT --to-destination :9001
/sbin/iptables --table nat --append PREROUTING --protocol tcp --source-port 80 --destination a.b.c.d --jump DNAT --to-destination :9030
but that doesn't seem to work. The OR and Dir ports are not reachable from the outside. I assumed that PREROUTING happened before INPUT, but I'm not really an expert on this. The firewall blocks everything else inbound to that address but the two ports I opened. Do I need to open 443/80 on the INPUT chain as well, and if so, do I also need to keep 9001/9030 open?
CentOS 5.6 if that matters.
Thanks
-- A man in chains knows he should have acted sooner... Julian Assange
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Does this work with the RPM from the torproject repository? My understanding from the FAQs was that it did *not* unless you were using a Debian-derived distribution, and I'm using CentOS, a RedHat-based distro. However, looking over the init.d/tor and torctl scripts, it seems like it might work now, since they say they don't use su any more. I really don't want to hack the scripts from the RPM. I suppose I can just try it, but if someone has some experience with this (or words of wisdom) I'd appreciate hearing it. I changed hosting today, which, with a firewall screw-up on my part, was more disruptive than I'd planned, and I don't want to just keep poking at it.
On 7/15/2011 11:11 AM, Damian Johnson wrote:
The far easier method is to add a "User <tor user>" entry to your torrc then start Tor as root. This way tor will bind to the privileged ports then lower its permissions to the given user (I've been meaning to update that faq entry...).
Also, I wrote a relay setup wizard that makes you a nice relay configuration (including using 443/80) automagically. To give it a try just...
- download http://www.atagar.com/transfer/tmp/arm-1.4.3rc.tar.bz2
- extract and run 'arm'
- it should pop up a wizard that looks like...
Arm is about to have a release in the next few days so I'd love feedback on the wizard if you have any. Cheers! -Damian
Tested this in a VM that couldn't connect to the internet, and the RedHat RPMs seem to be able to bind 443/80 fine before they change user to _tor. Updated my relay torrc files and restarted, and it seems to be working fine. Lost my stable flag with all the changes, though, so I'm still waiting for my traffic to build up, but it should be able to handle a lot more bandwidth now.
Probably someone should update the FAQ before someone else runs into this confusion. Not sure if I can do this or not.
On 7/16/2011 9:54 AM, Damian Johnson wrote:
Does this work with the RPM from to torproject repository?
If you're talking about arm, then both it and torctl can work with RedHat distros, but they aren't in the rpm repository. The tarball that I mentioned should work just fine on CentOS.