I am trying to run a middle relay with no-exit policy. It was my assumption that a middle relay would only communicate with other relays on 9001 port. Yet I see my relay IP address attempting connections to other IP addresses on ports that are non-9001 (or 9030).
That depends on what the other relay operators have configured their hosts to talk to. It's a common thing to set relays on other ports to obscure the kind of traffic, and to work around certain firewall rules.
On Tue, Feb 4, 2014 at 6:16 PM, Tora Tora Tora tor@allthatnet.com wrote:
> I am trying to run a middle relay with no-exit policy. It was my assumption that a middle relay would only communicate with other relays on 9001 port. Yet I see my relay IP address attempting connections to other IP addresses on ports that are non-9001 (or 9030).
Is it correct to assume that if I am running a locked-down IP address behind the firewall, it means my relay would connect to a very limited number of other relays that also run standard ports? Would that affect anonymity?
Also, what is the right way to deal with this issue without compromising security?
On 02/04/2014 12:37 PM, D.S. Ljungmark wrote:
> That depends on what the other relay operators have configured their hosts to talk to. It's a common thing to set relays on other ports to obscure the kind of traffic, and to work around certain firewall rules.
On 02/04/2014 07:20 PM, Tora Tora Tora wrote:
> Is it correct to assume that if I am running a locked-down IP address behind the firewall, it means my relay would connect to a very limited number of other relays that also run standard ports? Would that affect anonymity?
A relay *must* be able to reach all other relays.
OK, I got it. So open outgoing connections, but restrict incoming connections to my ports, e.g., 9001 and 9030, correct?
On 02/04/2014 02:00 PM, Moritz Bartl wrote:
> On 02/04/2014 07:20 PM, Tora Tora Tora wrote:
>> Is it correct to assume that if I am running a locked-down IP address behind the firewall, it means my relay would connect to a very limited number of other relays that also run standard ports? Would that affect anonymity?
> A relay *must* be able to reach all other relays.
On 02/04/2014 09:31 PM, Tora Tora Tora wrote:
>>> Is it correct to assume that if I am running a locked-down IP address behind the firewall, it means my relay would connect to a very limited number of other relays that also run standard ports? Would that affect anonymity?
>> A relay *must* be able to reach all other relays.
> OK, I got it. So open outgoing connections, but restrict incoming connections to my ports, e.g., 9001 and 9030, correct?
Yes.
tor-relays@lists.torproject.org
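The following is an added example, not part of the original thread: it tallies ORPorts from consensus-style `r` lines to show how many relays an outbound port allowlist would cut off, which is why the thread concludes that outgoing connections must stay open. The function names and the sample data are constructed for illustration; the `r` line layout assumed is the full network-status form (nickname, identity, digest, date, time, IP, ORPort, DirPort).

```python
# Sample 'r' lines constructed for illustration: documentation IP ranges and
# placeholder identity/digest strings, not real network data.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-02-04 12:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-02-04 12:00:00 192.0.2.11 443 80
r relayC AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-02-04 12:00:00 198.51.100.7 9001 0
r relayD AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-02-04 12:00:00 203.0.113.5 8080 0
r relayE AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-02-04 12:00:00 203.0.113.9 443 9030
r truncated AAAAAAAAAAAAAAAAAAAAAAAAAAA 2014-02-04
"""


def parse_or_ports(consensus_text):
    """Return [(nickname, ip, or_port)] for each well-formed 'r' line."""
    relays = []
    for line in consensus_text.splitlines():
        fields = line.split()
        # Assumed layout: r nickname identity digest date time IP ORPort DirPort
        if len(fields) != 9 or fields[0] != "r":
            continue  # other keywords ('s', 'w', ...) and truncated lines
        nickname, ip, or_port = fields[1], fields[6], fields[7]
        if not or_port.isdigit() or not 0 < int(or_port) < 65536:
            continue  # malformed port field
        relays.append((nickname, ip, int(or_port)))
    return relays


def blocked_by_egress_allowlist(relays, allowed_ports):
    """Relays whose ORPort an outbound port allowlist would make unreachable."""
    return [r for r in relays if r[2] not in allowed_ports]


def summarize(consensus_text, allowed_ports):
    """Return (total relays, relays cut off, sorted ORPorts that were blocked)."""
    relays = parse_or_ports(consensus_text)
    blocked = blocked_by_egress_allowlist(relays, allowed_ports)
    return len(relays), len(blocked), sorted({port for _, _, port in blocked})


if __name__ == "__main__":
    total, cut, ports = summarize(SAMPLE_CONSENSUS, {9001, 9030})
    print(f"{cut} of {total} relays unreachable; blocked ORPorts: {ports}")
```

Run against a real consensus document, the same tally shows which destination ports an egress rule would have to permit, which in practice means not filtering outbound by port at all.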