Re: [tor-relays] Question Re: firewall rules for obfs4 bridge relay

2018-10-03 Thread torrelay.europa
Thanks for the link & clarification.
Best regards,
Kenneth

3. Oct 2018 14:15 by entensai...@use.startmail.com:

> Hi Kenneth,
> find the answers here:
> https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html
>
> It would be great to add that to the guide at
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
> ^^.
>
>> Hello,
>>
>> I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
>> server 18.04. 
>>
>> I'm endeavoring to apply strict firewall rules to ensure only the necessary 
>> ports are open.
>>
>> In accordance with the configuration (below) I've allowed port 9001:
>>
>> #Bridge config
>> RunAsDaemon 1
>> ORPort 9001
>> BridgeRelay 1
>> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>> ExtORPort auto
>>
>> #Set your bridge nickname and contact info
>> ContactInfo 
>> Nickname pick-a-nickname
>>
>> I've also allowed port 9051 to enable me to connect to the obfs4 server via 
>> onionbox.
>>
>> After starting the Tor service the Tor logs report,
>>
>> Opening Socks listener on 127.0.0.1:9050
>>
>> Opening Control listener on 127.0.0.1:9051
>>
>> Opening OR listener on 0.0.0.0:9001
>>
>> Extended OR listener listening on port X.
>>
>> Registered server transport 'obfs4' at '[::]:33919'
>>
>> All of the ports listed (above) appear to be fixed ports that open each time 
>> I start/restart Tor. However, the "Extended OR listener listening on port 
>> X" changes on each start/restart.
>>
>> I can see the configuration (above) instructs ExtORPort auto.
>>
>> I've looked online where there is some advice suggesting the auto setting for 
>> ExtORPort is important for security reasons, however, if I'd like to have 
>> strict firewall rules the auto setting becomes problematic.
>> Currently, I've allowed port 9001 & the Tor logs report,
>>
>> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>>
>> Self-testing indicates your ORPort is reachable from the outside.
>>
>> I'd be grateful for some advice on which ports I should keep open, to ensure 
>> I can provide the very best service & good security practice both for the 
>> client & the server - thanks :)
>>
>> Best regards,
>>
>> Kenneth
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Question Re: firewall rules for obfs4 bridge relay

2018-10-03 Thread entensaison

Hi Kenneth,
find the answers here: 
https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html
It would be great to add that to the guide at 
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy 
^^.

 

> Hello,
>
> I'm in the process of setting up a couple of obfs4 bridge relays on 
> Ubuntu server 18.04.
>
> I'm endeavoring to apply strict firewall rules to ensure only the 
> necessary ports are open.
>
> In accordance with the configuration (below) I've allowed port 9001:
>
> #Bridge config
> RunAsDaemon 1
> ORPort 9001
> BridgeRelay 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ExtORPort auto
>
> #Set your bridge nickname and contact info
> ContactInfo 
> Nickname pick-a-nickname
>
> I've also allowed port 9051 to enable me to connect to the obfs4 
> server via onionbox.
>
> After starting the Tor service the Tor logs report,
>
> Opening Socks listener on 127.0.0.1:9050
>
> Opening Control listener on 127.0.0.1:9051
>
> Opening OR listener on 0.0.0.0:9001
>
> Extended OR listener listening on port X.
>
> Registered server transport 'obfs4' at '[::]:33919'
>
> All of the ports listed (above) appear to be fixed ports that open 
> each time I start/restart Tor. However, the "Extended OR listener 
> listening on port X" changes on each start/restart.
>
> I can see the configuration (above) instructs ExtORPort auto.
>
> I've looked online where there is some advice suggesting the auto 
> setting for ExtORPort is important for security reasons, however, if 
> I'd like to have strict firewall rules the auto setting becomes 
> problematic.
>
> Currently, I've allowed port 9001 & the Tor logs report,
>
> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>
> Self-testing indicates your ORPort is reachable from the outside.
>
> I'd be grateful for some advice on which ports I should keep open, to 
> ensure I can provide the very best service & good security practice 
> both for the client & the server - thanks :)
>
> Best regards,
>
> Kenneth


[tor-relays] Question Re: firewall rules for obfs4 bridge relay [addendum]

2018-10-03 Thread torrelay.europa
PS - forgot to state that I'm using ufw firewall.

Date: 3. Oct 2018 13:16
From: torrelay.eur...@keemail.me
To: tor-relays@lists.torproject.org
Subject: Question Re: firewall rules for obfs4 bridge relay


> Hello,
>
> I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
> server 18.04.  
>
> I'm endeavoring to apply strict firewall rules to ensure only the necessary 
> ports are open. 
>
> In accordance with the configuration (below) I've allowed port 9001:
>
> #Bridge config
> RunAsDaemon 1
> ORPort 9001
> BridgeRelay 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ExtORPort auto
>
> #Set your bridge nickname and contact info
> ContactInfo 
> Nickname pick-a-nickname
>
> I've also allowed port 9051 to enable me to connect to the obfs4 server via 
> onionbox.
>
> After starting the Tor service the Tor logs report,
>
> Opening Socks listener on 127.0.0.1:9050
>
> Opening Control listener on 127.0.0.1:9051
>
> Opening OR listener on 0.0.0.0:9001
>
> Extended OR listener listening on port X.
>
> Registered server transport 'obfs4' at '[::]:33919'
>
> All of the ports listed (above) appear to be fixed ports that open each time 
> I start/restart Tor. However, the "Extended OR listener listening on port 
> X" changes on each start/restart. 
>
> I can see the configuration (above) instructs ExtORPort auto. 
>
> I've looked online where there is some advice suggesting the auto setting for 
> ExtORPort is important for security reasons, however, if I'd like to have 
> strict firewall rules the auto setting becomes problematic.
> Currently, I've allowed port 9001 & the Tor logs report,
>
> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>
> Self-testing indicates your ORPort is reachable from the outside. 
>
> I'd be grateful for some advice on which ports I should keep open, to ensure 
> I can provide the very best service & good security practice both for the 
> client & the server - thanks :)
>
> Best regards,
>
> Kenneth


[tor-relays] Question Re: firewall rules for obfs4 bridge relay

2018-10-03 Thread torrelay.europa
Hello,

I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu 
server 18.04.  

I'm endeavoring to apply strict firewall rules to ensure only the necessary 
ports are open. 

In accordance with the configuration (below) I've allowed port 9001:

#Bridge config
RunAsDaemon 1
ORPort 9001
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto

#Set your bridge nickname and contact info
ContactInfo 
Nickname pick-a-nickname

I've also allowed port 9051 to enable me to connect to the obfs4 server via 
onionbox.

After starting the Tor service the Tor logs report,

Opening Socks listener on 127.0.0.1:9050

Opening Control listener on 127.0.0.1:9051

Opening OR listener on 0.0.0.0:9001

Extended OR listener listening on port X.

Registered server transport 'obfs4' at '[::]:33919'

All of the ports listed (above) appear to be fixed ports that open each time I 
start/restart Tor. However, the "Extended OR listener listening on port X" 
changes on each start/restart. 

I can see the configuration (above) instructs ExtORPort auto. 

I've looked online where there is some advice suggesting the auto setting for 
ExtORPort is important for security reasons, however, if I'd like to have 
strict firewall rules the auto setting becomes problematic.
Currently, I've allowed port 9001 & the Tor logs report,

Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...

Self-testing indicates your ORPort is reachable from the outside. 

I'd be grateful for some advice on which ports I should keep open, to ensure I 
can provide the very best service & good security practice both for the client 
& the server - thanks :)

Best regards,

Kenneth
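
Added example (not part of the thread and not Tor Project code): the log lines quoted in the question, classified by bind address and compared with the ports the question says were allowed in the firewall (9001 and 9051). The function names and the result keys are assumptions made for this sketch; the sample log is constructed from the lines in the post.

```python
import ipaddress
import re

# Constructed sample: the Tor log lines quoted in the question.
SAMPLE_LOG = """\
Opening Socks listener on 127.0.0.1:9050
Opening Control listener on 127.0.0.1:9051
Opening OR listener on 0.0.0.0:9001
Extended OR listener listening on port X.
Registered server transport 'obfs4' at '[::]:33919'
"""

LISTENER = re.compile(
    r"Opening (?P<name>.+?) listener on (?P<addr>\S+):(?P<port>\d+)")
TRANSPORT = re.compile(
    r"Registered server transport '(?P<name>[^']+)' at '(?P<addr>\S+):(?P<port>\d+)'")


def parse_listeners(log_text):
    """Return ([(name, ip, port)], [lines naming a listener without an address])."""
    found, no_address = [], []
    for line in log_text.splitlines():
        m = LISTENER.search(line) or TRANSPORT.search(line)
        if m:
            ip = ipaddress.ip_address(m["addr"].strip("[]"))
            found.append((m["name"], ip, int(m["port"])))
        elif "listener" in line:
            no_address.append(line.strip())
    return found, no_address


def audit(log_text, allowed_ports):
    """Compare firewall allow rules (a set of ports) with what Tor actually bound."""
    listeners, no_address = parse_listeners(log_text)
    # Loopback sockets cannot be reached from other hosts, whatever the firewall says.
    loopback = {port for _, ip, port in listeners if ip.is_loopback}
    exposed = {port for _, ip, port in listeners if not ip.is_loopback}
    return {
        "allowed_and_exposed": sorted(exposed & allowed_ports),
        "exposed_without_rule": sorted(exposed - allowed_ports),
        "rule_for_loopback_only": sorted(loopback & allowed_ports),
        "bind_address_not_logged": no_address,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, {9001, 9051}).items():
        print(f"{key}: {value}")
```

A line reported under bind_address_not_logged carries no address in the log, so its socket has to be checked on the host itself (for example with `ss -tln`) before deciding whether a rule is relevant.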