[tor-relays] DNAT question

Softail black98fxstc at gmail.com
Sat Jul 16 03:35:54 UTC 2011


Does this work with the RPM from the torproject repository? My
understanding from the FAQs was that it did *not* unless you were using
a Debian derived distribution and I'm using CentOS, a RedHat based
distro. However looking over the init.d/tor and torctl scripts it seems
like it might work now, since they say they don't use su any more. I
really don't want to hack the scripts from the RPM. I suppose I can just
try it, but if someone has some experience with this (or words of
wisdom) I'd appreciate hearing it. I changed hosting today, which with a
firewall screw up on my part, was more disruptive than I'd planned and I
don't want to just keep poking at it.

On 7/15/2011 11:11 AM, Damian Johnson wrote:
> The far easier method is to add a "User <tor user>" entry to your
> torrc then start Tor as root. This way tor will bind to the privileged
> ports then lower its permissions to the given user (I've been meaning
> to update that faq entry...).
>
> Also, I wrote a relay setup wizard that makes you a nice relay
> configuration (including using 443/80) automagically. To give it a try
> just...
> - download http://www.atagar.com/transfer/tmp/arm-1.4.3rc.tar.bz2
> - extract and run 'arm'
> - it should pop up a wizard that looks like...
>   - http://www.atagar.com/transfer/tmp/arm_wizard1.png
>   - http://www.atagar.com/transfer/tmp/arm_wizard2.png
>   - http://www.atagar.com/transfer/tmp/arm_wizard3.png
>
> Arm is about to have a release in the next few days so I'd love
> feedback on the wizard if you have any. Cheers! -Damian
>
> On Fri, Jul 15, 2011 at 10:56 AM, Softail <black98fxstc at gmail.com> wrote:
>> I'm trying to switch my ports from 9001/9030 to 443/80. The tor
>> configuration seems straightforward. I tried
>>
>> /sbin/iptables --append INPUT --protocol tcp --match state --state NEW
>> --destination a.b.c.d --dport 9001 --jump ACCEPT
>> /sbin/iptables --append INPUT --protocol tcp --match state --state NEW
>> --destination a.b.c.d --dport 9030 --jump ACCEPT
>> /sbin/iptables --table nat --append PREROUTING --protocol tcp
>> --source-port 443 --destination a.b.c.d --jump DNAT --to-destination :9001
>> /sbin/iptables --table nat --append PREROUTING --protocol tcp
>> --source-port 80 --destination a.b.c.d --jump DNAT --to-destination :9030
>>
>> but that doesn't seem to work. The OR and Dir ports are not reachable
>> from the outside. I assumed that PREROUTING happened before INPUT but
>> not really an expert on this. The firewall blocks everything else
>> inbound to that address but the two ports I opened. Do I need to open
>> 443/80 on the INPUT chain as well and if so do I also need to keep
>> 9001/9030 open also?
>>
>> CentOS 5.6 if that matters.
>>
>> Thanks
>>
>> --
>> A man in chains knows he should have acted sooner...
>> Julian Assange
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
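
Added example, not part of the thread or of any Tor package: a sketch of the port-forwarding rule set the question is about, matching on the destination port the client dialed and accepting the translated port in INPUT. The function names `relay_rules` and `all_rules`, the `APPLY`/`ADDR` variables and the address used in testing are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the iptables commands by
# default; set APPLY=1 and ADDR=<relay address> to run them as root.

IPTABLES=${IPTABLES:-/sbin/iptables}

# relay_rules ADDR PUBLIC_PORT INNER_PORT
# Emits one iptables command per line for a single forwarded port.
relay_rules() {
    addr=$1
    public=$2
    inner=$3

    # nat/PREROUTING is traversed before filter/INPUT. An inbound
    # connection carries the public port as its *destination* port
    # (the client's source port is ephemeral), so match on --dport
    # and rewrite only the port.
    echo "$IPTABLES --table nat --append PREROUTING --protocol tcp" \
         "--destination $addr --dport $public" \
         "--jump DNAT --to-destination :$inner"

    # By the time the packet reaches INPUT it already has the rewritten
    # port, so the filter rule accepts the inner port; the public port
    # needs no INPUT rule of its own.
    echo "$IPTABLES --append INPUT --protocol tcp" \
         "--match state --state NEW" \
         "--destination $addr --dport $inner --jump ACCEPT"
}

# The two forwards discussed in the thread: 443 -> 9001 and 80 -> 9030.
all_rules() {
    relay_rules "$1" 443 9001
    relay_rules "$1" 80 9030
}

# Tor must still advertise 443/80 while listening on 9001/9030; that is
# set in torrc and is outside the scope of these firewall rules.
if [ "${APPLY:-0}" = 1 ]; then
    all_rules "${ADDR:?set ADDR to the relay address}" | sh -e
fi
```

Running the script without `APPLY=1` changes nothing; to review the commands first, call `all_rules` with the relay address and read the output.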
