[tor-relays] Oubound Ports

Roman Mamedov rm at romanrm.net
Fri Jul 11 03:30:15 UTC 2014

On Thu, 10 Jul 2014 19:48:06 -0700
"Greg Moss" <gmoss82 at gmail.com> wrote:

> Thanks for the help. I have my ORport and DIRport defined in torrc and
> forwarded through the firewall up to the Tor Relay. I was just wondering in
> regards to outbound traffic from the server itself. In the event it gets
> compromised I really hate to open all ports outbound let alone possible DNS
> leaks and what not. Appoligize if this doesn't make since I just fired this
> thing up yesterday and want to make sure it is secure.

You do need to have all ports open outbound.

The reason is, your relay needs to be able to connect to all other relays, and
people run their relays on all sorts of weird ports.

However one thing to consider would be to restrict outbound port 22 and port 53
outbound to not get into trouble with your provider due to suspicions of SSH
bruteforcing / DNS reflection attacks. This will break a very small portion of
circuits built via your relay, but hopefully solve more potential problems
than this would cause.

With respect,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140711/5efaa9a6/attachment.sig>

More information about the tor-relays mailing list