[tor-relays] ExtOrPort settings for obsf4, obfs3 and firewall
Cristian Consonni
cristian at balist.es
Mon Jul 23 14:03:58 UTC 2018
Hi,
Form the instructions to install obsf4:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
---
```
ExtORPort auto
```
[...]
```
[notice] Registered server transport 'obfs4' at '[::]:46396'
```
Remember the random port associated to your bridge needs to be open for
incoming connections. You can find it from the logs: it's 46396 in this
example.
---
I can assume that using `ExtORPort auto` would mean that potentially any
time Tor is restarted or reload a new port will be picked.
Furthermore, in this thread[1] it is said:
---
[...] ExtORPort tells tor to open a local-only (bound to localhost)
socket for getting information from / communicating with obfsproxy
---
So, if I want to be sure to know in advance which firewall port I should
let open it is better that I choose a fixed port. Also, that port needs
only to accept connections from localhost, i.e. the loopback interface?
The only port that needs to be reachable from anywhere is the ORPort?
Also, in this answer on Tor Stack Exchange[2] it is said that is
possible to run both obfs3 and obfs4 from the same bridge. Is this
useful/recommended? Also, in the answer:
---
I had to make port forwards for the given obfs ports in iptables (easy
with gufw) as well as in my hardware (internet-)firewall to make things
work. So I am not so sure that the ExORPort is for local connections
only as mentioned by Rodger (please let me know if I am wrong here).
---
Thanks in advance (I am sorry for the flood of stupid question, but I
prefer to ask a stupid question that having things not work and not
understanding why...)
C
[1]:
https://lists.torproject.org/pipermail/tor-relays/2014-February/003909.html
[2]: https://tor.stackexchange.com/a/6735
More information about the tor-relays
mailing list