On Sat, Oct 04, 2025 at 01:02:59PM -0700, Keifer Bly via tor-relays wrote:

So I am running a snowflake bridge [...] as there is no torrc configuration, is there a port that needs to be forwarded? How can I check if the bridge is reachable?

Hi! Thanks for running a snowflake proxy. Your proxy doesn't get much attention because it self-detects that it is behind a "restricted" type of NAT. So yes, your idea of opening up some ports is exactly right. At home, I launch my snowflake proxy with no arguments, but I configure my local router to put that computer into my DMZ, so it isn't NATted and things just work. On a server that is not behind NAT but has everything firewalled by default, I run my snowflake proxy with -ephemeral-ports-range 40000:45000 and I added a UFW rule something like allow udp 40000:45000 128.31.0.34 any 0.0.0.0/0 in I could probably have done that "udp port range forwarding" setup on my local router at home too, rather than just putting it in the DMZ. When the proxy succeeds at having the right kind of NAT, it will log a line like 2025/09/22 23:41:03 NAT type: unrestricted Hope this helps, --Roger