On Mon, 17 Aug 2015 09:13:21 +0100 Tim Sammut tim@teamsammut.com wrote:
With possible config changes in mind, is it best to use ports 80 and 443 for pluggable transports?
It'd be nice if more bridges used ports < 1024, yes.
IIRC the BridgeDB prefers to hand out at least one bridge with port 80 or 443 open. Right now the bridge runs obfs3 on 80/tcp and obfs4 on 443/tcp. Is that still a desirable setup (despite having to run bits as root)?
You don't need to run obfs4proxy as root assuming you are on a modern Linux system, since obfs4proxy works correctly with capabilities.
# setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy
Note, this will let any user on the system executing the obfs4proxy binary bind to "privileged" ports, and must be done each time the binary is modified in any way (moved, upgraded, etc).
IIRC on Debian an extra package needs to be installed to get the setcap executable, but I don't remember what it is off the top of my head.
For more information see setcap(8) and capabilities(7).
Regards,
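Added example, not part of the original message: a post-upgrade check that re-applies the capability from the setcap command above only when the binary has lost it. The function names has_bind_cap and ensure_bind_cap are hypothetical, and the parser assumes getcap prints one line per file as either "path = caps" (older libcap) or "path caps" (newer libcap).

```shell
#!/bin/sh
# Re-apply cap_net_bind_service to obfs4proxy after the binary is replaced.
# File capabilities are stored on the file itself, so an upgrade or move
# drops them. On Debian, setcap/getcap are shipped in the libcap2-bin package.

# has_bind_cap LINE
# Returns 0 if LINE (one line of getcap output) grants cap_net_bind_service
# in both the effective (e) and permitted (p) sets, 1 otherwise.
has_bind_cap() {
    case $1 in
        *cap_net_bind_service*) ;;
        *) return 1 ;;
    esac
    rest=${1#*cap_net_bind_service}   # text after the capability name
    rest=${rest%% *}                  # keep only this capability clause
    case $rest in
        *[=+]*) ;;
        *) return 1 ;;                # no flag operator: not valid output
    esac
    flags=${rest##*[=+]}              # e.g. "ep" or "eip"
    case $flags in
        *e*) case $flags in *p*) return 0 ;; esac ;;
    esac
    return 1
}

# ensure_bind_cap PATH
# Checks PATH with getcap and runs setcap only if the capability is missing.
# setcap must be run as root.
ensure_bind_cap() {
    bin=$1
    if has_bind_cap "$(getcap "$bin")"; then
        echo "ok: $bin already has cap_net_bind_service"
        return 0
    fi
    echo "re-applying cap_net_bind_service to $bin"
    setcap 'cap_net_bind_service=+ep' "$bin"
}

# Only act when a path is given, e.g.:
#   sh ensure-cap.sh /usr/local/bin/obfs4proxy
if [ "$#" -gt 0 ]; then
    ensure_bind_cap "$1"
fi
```

Run it as root from whatever step replaces the binary, so the bridge does not come back up unable to bind 80/tcp or 443/tcp.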