[tor-relays] Protecting the bridge port from active probes

Roger Dingledine arma at torproject.org
Sat Mar 30 22:02:32 UTC 2019


On Sat, Mar 30, 2019 at 08:44:45PM +0000, Alexander Nasonov wrote:
> This works for me:
> 
> AssumeReachable 1
> PublishServerDescriptor 0
> ORPort PUBLIC-IP:2345 NoListen
> ORPort 127.0.0.1:2345 NoAdvertise
> ExtORPort 127.0.0.1:3456 # you can try auto
> ServerTransportListenAddr obfs4 PUBLIC-IP:4567
> ServerTransportPlugin obfs4 exec /path/to/obfs4proxy

You probably also want a "BridgeRelay 1" in there too. That will help
make sure you fetch appropriate directory information in order to have
it available for users of your bridge. And depending on your Tor version,
it will also make sure that your exit policy is reject *:*. (Not that
bridge clients should be trying to exit from you, but you want to make
sure that they don't succeed if for some reason they try :)

--Roger



More information about the tor-relays mailing list