[tor-dev] Potential regression when binding sockets to interface without default route

grarpamp grarpamp at gmail.com
Mon Sep 19 18:24:26 UTC 2016


On Mon, Sep 19, 2016 at 9:14 AM, René Mayrhofer <rm at ins.jku.at> wrote:
> Setup: Please note that our setup is a bit particular for reasons that
> we will explain in more detail in a later message (including a proposed
> patch to the current source which has been pending also because of the
> holiday situation...). Briefly summarizing, we use a different network
> interface for "incoming" (Tor encrypted traffic) than for "outgoing"
> (mostly clearnet traffic from the exit node, but currently still
> includes outgoing Tor relay traffic to other nodes). The outgoing
> interface has the default route associated, while the incoming interface
> will only originate traffic in response to those incoming connections.
> Consequently, we let our Tor node only bind to the IP address assigned
> to the incoming interface 193.171.202.146, while it will initiate new
> outgoing connections with IP 193.171.202.150.

There could be further benefit / flexibility in a 'proposed patch' that
would allow to take the incoming ORport traffic and further split
it outbound by a) OutboundBindAddressInt that which is going back
internal to tor, and b) OutboundBindAddressExt that which is going
out external to clearnet. Those two would include port specification
for optional use on the same IP. I do not recall if this splitting is
currently possible.


More information about the tor-dev mailing list