[tor-dev] Is anyone using tor-fw-helper? (Was Re: BOINC-based Tor wrapper)

Yawning Angel yawning at schwanenlied.me
Thu Jul 23 20:06:38 UTC 2015

On Thu, 23 Jul 2015 12:50:29 -0700
David Stainton <dstainton415 at gmail.com> wrote:

> >> But we have a gigantic userbase, and playing "consumer router
> >> support technician" for all of the ones that ship with broken
> >> uPnP/NAT-PMP implementations does not fill me with warm fuzzy
> >> feelings.
> >
> > I think this is a weird analysis. How many of those people even try
> > to be a relay or a bridge? Do we have numbers on that? Does the
> > support team object or are you objecting on their behalf? It just
> > seems too hand wavy for too many years to punt on dealing with NAT
> > properly.
> If I understand things correctly the uPnP/NAT-PMP is in fact not the
> proper way to solve this problem because of the reasons Yawning
> mentioned. IPFS (interplanetary filesystem) currently solves this
> problem via some complicated protocol with the selection of a
> rendezvous server... similar to Tor hidden services. Clearly this is
> the correct way to solve the NAT problem. Am I wrong about this?

NAT-PMP (aka PCP) is less awful than uPnP is, may actually be ok (as
long as you don't try to remove port mappings due to a bug in older
miniupnpd), but is primarily an Apple-ism limiting it's usefulness.

OTOH, the far more widely supported/deployed uPnP, on consumer routers
at least, should be disabled and treated with extreme suspicion till
proven otherwise.


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150723/586ca583/attachment.sig>

More information about the tor-dev mailing list