Ports 443 & 80

Robert W Capps II robert at capps.us
Sun May 18 17:46:58 UTC 2008


Oops, the DirPort section of the sample should have read:

   ## Optional: what port to advertise for TOR directory connections.
   DirPort 80
   DirListenAddress 2.2.2.2:9091




On May 18, 2008, at 10:38 AM, Robert W Capps II wrote:

> I've not tried to set up a TOR node with your config, but I'll tell  
> you how I got mine to work:
>
> Assumptions for the following configuration:
>
>  1.1.1.1 - Public IP address of Firewall (assumes you are using NAT  
> internally)
>  2.2.2.2 - Private IP address in use on the TOR server
>  :9090 - Private OR Port
>  :443   - Public OR Port
>  :9091 - Private DIR Port
>  :80     - Public DIR Port
>
> First I set my firewall up to accept the following external ports,  
> and forward them to the TOR server - basically port forwarding with  
> NAT:
>
>  1.1.1.1:443 -NAT and port forward to-> 2.2.2.2:9090
>  1.1.1.1:80   -NAT and port forward to-> 2.2.2.2:9091
>
> The TOR server was then configured to listen locally for TOR traffic  
> on 2.2.2.2:9090 and 2.2.2.2:9091, so you'll need to set the  
> following items in your torrc file:
>
>  ## The IP or FQDN for your server. Leave commented out and Tor will guess.
>  Address 1.1.1.1
>
>  ## Required: what port to advertise for Tor connections.
>  ORPort 443
>  ORListenAddress 2.2.2.2:9090
>
>  ## Optional: what port to advertise for TOR directory connections.
>  ## Uncomment this to mirror the directory for others.
>  DirPort 80
>  DirListenAddress 192.168.3.20:9091
>
>
> So, without validating your firewall setup, I would think you need  
> to modify your 'ORListenAddress' and 'DirListenAddress' to reflect  
> the ACTUAL IP address (not 0.0.0.0) of your TOR server, and set your  
> 'Address' value to the actual public IP address of your firewall  
> (note, no port required on the 'Address' value).
>
> Hope this helps!
>
> Robert
>
>
>
> On May 17, 2008, at 4:53 PM, Nathaniel Dube wrote:
>
>> I read somewhere that you can use ports 443 and 80 to help out  
>> people stuck
>> behind really restrictive firewalls.  I've been trying to manually  
>> configure
>> Tor to do just that.  I've configured the router for port  
>> forwarding.  I'm
>> pretty sure I did the same for my Linux firewall.  I told the  
>> firewall to
>> listen on ports 443/80 and redirect to 9090/9091.  So the way I  
>> understand it
>> is, Tor servers/clients should be trying to connect to ports 443/80  
>> --> my
>> router listens on 443/80 and bounces to my firewall --> my firewall  
>> listens
>> to 443/80 and bounces to 9090/9091 which the tor server is really  
>> listening
>> in on.  I'm running openSUSE 10.3.  I used yast to set the  
>> firewall.  If I
>> understand what I'm doing I use the "Masquerading" section to do  
>> firewall
>> port forwarding.  Which I'm pretty sure I did correctly but for some  
>> reason
>> servers/clients are still unable to connect to my tor server.
>>
>> I could really use some help getting this working.  I can get the  
>> normal ports
>> working no problem and have my server join the tor network.  It's  
>> when I try
>> doing the port 443/80 trick that things get hairy.
>>
>> Here are screenshots of my configuration screens I did for the port
>> forwarding.
>>
>> http://img246.imageshack.us/img246/303/443zb6.png
>> http://img265.imageshack.us/img265/1403/80xv7.png
>> http://img253.imageshack.us/img253/483/yastmasqsm4.png
>> http://img253.imageshack.us/img253/2820/yastrulesyl0.png
>> http://img338.imageshack.us/img338/5127/routerpn3.png
>>
>> Here are portions of tor's config file.  I Xed out stuff that might be
>> considered a security risk on my part.
>>
>> SocksPort 9050
>> SocksListenAddress 127.0.0.1
>> DataDirectory /home/tor/.tor
>> ControlPort 9051
>>
>> ORPort 443
>> ORListenAddress 0.0.0.0:9090
>> DirPort 80
>> DirListenAddress 0.0.0.0:9091
>>
>> Also, here's the log when I run tor in Konsole as root.  I know,  
>> don't run Tor
>> as root.  I'm just doing that to test it to make sure it's working  
>> before I
>> set it to start on boot under the "tor" user.
>>
>> May 16 23:09:16.449 [notice] Tor v0.1.2.19. This is experimental software. Do not rely on it for strong anonymity.
>> May 16 23:09:16.450 [notice] Initialized libevent version 1.3b using method epoll. Good.
>> May 16 23:09:16.450 [notice] Opening OR listener on 0.0.0.0:9090
>> May 16 23:09:16.450 [notice] Opening Directory listener on 0.0.0.0:9091
>> May 16 23:09:16.450 [notice] Opening Socks listener on 127.0.0.1:9050
>> May 16 23:09:16.450 [notice] Opening Control listener on 127.0.0.1:9051
>> May 16 23:09:16.451 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
>> May 16 23:09:16.642 [notice] Your Tor server's identity key fingerprint is 'XXXXXXXXXXXXXXXXXXX'
>> May 16 23:09:18.240 [notice] We now have enough directory information to build circuits.
>> May 16 23:09:18.438 [notice] Guessed our IP address as XXXXXXXXXXXXX.
>> May 16 23:09:21.856 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
>> May 16 23:09:21.856 [notice] Now checking whether ORPort XXXXXXX:443 and DirPort XXXXXXXXXXXX:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
>> May 16 23:29:18.900 [warn] Your server (XXXXXXXXXXX:443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>> May 16 23:29:18.900 [warn] Your server (XXXXXXXXXX:80) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>
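
Added example (not part of the original thread and not Tor's own code): a Python check that a torrc's advertised ports and listen addresses agree with the firewall's port-forward table, applied to the sample as first posted and as corrected at the top of this message. The addresses are the thread's placeholders, and the names `parse_torrc`, `check_relay`, `FORWARDS`, `AS_POSTED` and `CORRECTED` are hypothetical.

```python
import ipaddress

# Constructed from the thread's placeholders: (public IP, port) -> (private IP, port)
FORWARDS = {("1.1.1.1", 443): ("2.2.2.2", 9090),
            ("1.1.1.1", 80): ("2.2.2.2", 9091)}

AS_POSTED = """\
Address 1.1.1.1
ORPort 443
ORListenAddress 2.2.2.2:9090
DirPort 80
DirListenAddress 192.168.3.20:9091
"""
CORRECTED = AS_POSTED.replace("192.168.3.20", "2.2.2.2")

def parse_torrc(text):
    """Return {option: value}, skipping blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *rest = line.split(None, 1)
            opts[key] = rest[0] if rest else ""
    return opts

def check_relay(torrc_text, forwards):
    """List mismatches between advertised ports, listeners and NAT forwards."""
    opts = parse_torrc(torrc_text)
    public_ip = opts.get("Address")
    problems = []
    for port_opt, listen_opt in (("ORPort", "ORListenAddress"),
                                 ("DirPort", "DirListenAddress")):
        if port_opt not in opts:
            continue
        advertised = int(opts[port_opt])
        target = forwards.get((public_ip, advertised))
        if target is None:
            problems.append(f"{port_opt} {advertised}: no forward from {public_ip}")
            continue
        # With no listen option Tor binds 0.0.0.0 on the advertised port.
        listen = opts.get(listen_opt, "0.0.0.0")
        host, sep, port = listen.rpartition(":")
        if not sep:
            host, port = listen, advertised
        if int(port) != target[1]:
            problems.append(f"{listen_opt} {listen}: forward targets port {target[1]}")
        bind = ipaddress.ip_address(host)  # 0.0.0.0 covers every local interface
        if not bind.is_unspecified and bind != ipaddress.ip_address(target[0]):
            problems.append(f"{listen_opt} {listen}: forward targets host {target[0]}")
    return problems
```

Later Tor releases deprecated ORListenAddress and DirListenAddress in favour of NoListen and NoAdvertise flags on ORPort and DirPort, so this check applies to configurations of the kind shown in this thread.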


