On Thu, 10 Jul 2014 19:48:06 -0700 "Greg Moss" gmoss82@gmail.com wrote:
Thanks for the help. I have my ORport and DIRport defined in torrc and forwarded through the firewall up to the Tor Relay. I was just wondering in regards to outbound traffic from the server itself. In the event it gets compromised I really hate to open all ports outbound let alone possible DNS leaks and what not. Apologize if this doesn't make sense, I just fired this thing up yesterday and want to make sure it is secure.
You do need to have all ports open outbound.
The reason is, your relay needs to be able to connect to all other relays, and people run their relays on all sorts of weird ports.
However, one thing to consider would be to restrict outbound port 22 and port 53 to not get into trouble with your provider due to suspicions of SSH brute-forcing / DNS reflection attacks. This will break a very small portion of circuits built via your relay, but hopefully solve more potential problems than this would cause.
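
The restriction suggested in the reply above can be written as an iptables egress chain. This is an added example, not part of the original message. The chain name `RELAY_EGRESS`, the function name and the exception for a single known DNS resolver (so the host's own lookups keep working) are assumptions, and `192.0.2.53` is a constructed address.

```shell
#!/bin/sh
# Added example: egress rules for a Tor relay host that leave all outbound
# ports open except 22 and 53. Assumptions (not from the original message):
# the chain name RELAY_EGRESS, and that the host resolves DNS through one
# known resolver, passed as $1 (192.0.2.53 below is a constructed address).
# IPv4 only; a relay with an IPv6 ORPort needs the same rules in ip6tables.

apply_relay_egress() {
    resolver="$1"
    # Accept only something shaped like a dotted-quad IPv4 address.
    case "$resolver" in
        ''|*[!0-9.]*) echo "usage: apply_relay_egress <resolver-ipv4>" >&2
                      return 1 ;;
    esac

    # Own chain, so re-running replaces these rules and touches nothing else.
    iptables -N RELAY_EGRESS 2>/dev/null || iptables -F RELAY_EGRESS

    # Loopback (e.g. a local caching resolver) is never filtered.
    iptables -A RELAY_EGRESS -o lo -j RETURN
    # The host's own DNS lookups to its configured resolver stay allowed.
    iptables -A RELAY_EGRESS -d "$resolver" -p udp --dport 53 -j RETURN
    iptables -A RELAY_EGRESS -d "$resolver" -p tcp --dport 53 -j RETURN
    # Relay-to-relay traffic is TCP: refuse new connections to 22 and 53.
    iptables -A RELAY_EGRESS -p tcp -m multiport --dports 22,53 \
        -j REJECT --reject-with tcp-reset
    # Any other outbound DNS over UDP is refused as well.
    iptables -A RELAY_EGRESS -p udp --dport 53 -j REJECT
    # Everything else returns to OUTPUT unchanged, so all other ports stay open.

    # Hook the chain into OUTPUT once.
    iptables -C OUTPUT -j RELAY_EGRESS 2>/dev/null ||
        iptables -A OUTPUT -j RELAY_EGRESS
}

# Usage (as root): apply_relay_egress 192.0.2.53
```

Inbound SSH administration is unaffected, because replies to an inbound session carry source port 22, not destination port 22.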