[tor-dev] making sure I configure OutboundBindAddressExit correctly

nusenu nusenu-lists at riseup.net
Thu May 4 20:03:00 UTC 2017 

Hi,

since I really like this new feature
I added [1] initial autoconfiguration support for it to ansible-relayor
(user can opt-in via a single boolean and we automate the rest).

I want to make sure I do this correctly and would like your feedback on
the following questions:

a)
Is 'OutboundBindAddressOR' in the following context optional (in the
sense that it does not change tor's behavior)?

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressOR 1.2.3.4
OutboundBindAddressExit 7.7.7.7

is identical to:

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7


(since according to the manual page OutboundBindAddress*OR* would just
override OutboundBindAddress, which is not needed in the above example
since they match)

b)
Is it ok to set OutboundBindAddressExit for IPv4 only, even if we set
'IPv6Exit 1' or is setting an IPv6 OutboundBindAddressExit address
required after setting OutboundBindAddressExit for IPv4?

Since this question might be a bit confusing I'll give an example in
form of torrc lines:


ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7
IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25,accept *:*

(this config has an IPv4 OutboundBindAddressExit entry but no IPv6
OutboundBindAddressExit entry)


c)
Similar to (b) is it ok to enable OutboundBindAddressExit for IPv6 only?

d)
Is it ok if multiple tor instances on the same host use the same
OutboundBindAddressExit address?
(ignoring the fact that big exits might run out of source ports?)

thanks,
nusenu



[1]
https://github.com/nusenu/ansible-relayor/commit/00fa7c571e8b6f6256092d992831598ad73201db

-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170504/d73f6822/attachment.sig>

More information about the tor-dev mailing list