I am of course not the expert here.

However - NoAdvertise and NoListen are usually combined in two consecutive ORPort statements. This is done to in fact to tell Tor to "listen to ip:port A, but advertise ip:port B", so there definitely is an advertisement of the relay. A relay works fine with that and the "relay piece of a bridge" (so to say) also works well.

But yes, there indeed IS some hassle with the bridge distribution (see also my other post, which still waits moderator approval).

Question remains: Is that a known "shortcoming" for pluggable transports, or is there a special way needed to configure this properly?

So we seem to have two issues with bridge setup, NAT and binding to specific IP:

1. Not possible to properly advertise/distribute obfs4 external IP, if obfs4 port binding to internal IP. 

2. In such cases, bridge distribution does not happen. I have, based an observation from another bridge without NAT, even the impression, that specifying a specific IP instead of 0.0.0.0 or [::] in the ServerTransportListenAddr causes a bridge distribution "none". Maybe a bug?

C.

On August 5, 2025 at 4:46 AM, George Hartley <hartley_george@proton.me> wrote:

Is this not the purpose of NoAdvertise?

You use that flag if you want a private bridge (for example, to give to your friends).

Using both NoAdvertise and NoListen on an OBFS4 bridge behind NAT can make BridgeDB treat your bridge as “no distribution.”

Because NoAdvertise strips the bridge descriptor from publication, and NoListen prevents the ORPort from binding on your public interface, BridgeDB can’t see or test your bridge. As a result, it marks its distribution status as “None.”

The easiest fix is to forward your ORPort through NAT and remove (or at least temporarily disable) those flags so your bridge descriptor is published and reachable. Once BridgeDB can reach and verify your ORPort, it will resume distributing your bridge normally. If you’d like more control, you can also set a specific BridgeDistribution method (for example, moat) in your torrc.

Regards

George

On Tuesday, August 5th, 2025 at 3:46 AM, Gary C. New via tor-relays <tor-relays@lists.torproject.org> wrote:

I'm seeing a similar issue with a recently configured OBFS4 bridge using NAT, NoAdvertise, NoListen, and distribution status displaying as "None."

On Sunday, August 3, 2025 at 12:36:37 PM MDT, C. Pe. via tor-relays <tor-relays@lists.torproject.org> wrote:

Is there maybe another issue with rdsys being "stuck" ?

I have again a new/renewed bridge in distribution status "None" since some days and https://bridges.torproject.org/status?id=<fingerprint> shows for all bridges the last testing two days ago

(According to your below statement, updates should appear latest after 4h)

Thanks & regards, C.

Am 31.07.2025 um 13:12, meskio via tor-relays <tor-relays@lists.torproject.org> schrieb:

You can always check if the bridgeline distributed by rdsys is correct by 
visiting:
https://bridges.torproject.org/status?id=<your hashed or not fingerprint>

This should display one bullet point per IP/transport, so in your case two, one

for IPv6 and another for IPv4. Take into account that it might take up to 4h
for 
this page to be updated when you do changes.

--

Sent with https://mailfence.com

Secure and private email

_______________________________________________

tor-relays mailing list -- tor-relays@lists.torproject.org

To unsubscribe send an email to tor-relays-leave@lists.torproject.org

--
Sent with https://mailfence.com
Secure and private email