Hi,

> On 15 Apr 2020, at 01:45, Wilton Gorske <wil...@riseup.net> wrote:
>
> Secondly, and mainly, I am working on setting up ten obfs4 bridge relays
> on macOS and keep running into port issues, so I'm hoping to get some
> general advice and guidance about how to set this up in the absence of
> updated macOS tutorials online.
Thanks for running Tor bridges!

> These bridge relays are going to run on one macOS server. Knowing that
> they can each have their own dedicated IP address, could someone advise
> how to best set up these multiple obfs4 bridge instances so each can be
> run (tor -f /usr/local/etc/tor/torrc.1, torrc.2, torrc.3, etc...) under
> one non-root user

It's slightly safer to run each instance under its own user. Then the keys
for each instance aren't available to the other instances.

You might find Debian's tor-instance-create script useful:
https://gitweb.torproject.org/debian/tor.git/tree/debian/tor-instance-create

In particular, you can have a defaults torrc for each instance, and then
just change the addresses and ports in each instance's torrc.

> with only two public ports open on the data center
> network (80 and 443)? I'm getting stuck at the port reachability phase,
> and even more so when trying to run multiple instances with
> forwarding/binding warnings.
>
> The Application Level Firewall allows certain granted programs
> (tor/tor-gencert/tor-print-ed-signing-cert/tor-resolve/torify/obfs4proxy)
> the ability to open or accept a network socket. By editing the macOS
> network system settings to route port 80 to 9005, and noting ORPort 80
> NoListen ORPort 0.0.0.0:9005 NoAdvertise in the torrc, that works
> correctly (including routing 443 for obfs4proxy). Running a second
> instance is where it seems to break down. Is there a way to have
> multiple tor instances sharing a port?

No, tor doesn't support port multiplexing across multiple tor processes.
Instead, tor automatically multiplexes multiple clients over the same port,
without any special configuration on the server.

> My guess is the main issue is that at the system routing level, I need a
> way to note each IP and port so it goes to the right tor instance.
> Currently, the forwarding is set up like:
> rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port
> 9005
> I'm guessing I need some way to designate IP XX.XXX.XX.120 -> port 9005
> (torrc.1), XX.XXX.XX.121 -> port 9006 (torrc.2), XX.XXX.XX.122 -> port
> 9007 (torrc.3), etc. Is that correct?

Yes, that sounds sensible.

> A copy of my notes and configurations so far can be found here:
> http://5jp7xtmox6jyoqd5.onion/p/ISjeXEW-vt8H1s89bwSW
>
> Please feel free to make suggestions or edits directly in that etherpad.
> I'm sure there are multiple ways to do this, but I definitely want to
> make sure I am using the most secure method as opposed to the easiest or
> quickest... Thanks for any help in advance.

T
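The per-IP routing Wilton sketches (one public address per instance, each redirected to that instance's loopback ports) can be generated rather than hand-written, which keeps the ten torrc files and the pf rules from drifting apart. The script below is an added example for this thread, not Wilton's configuration or anything from the reply. Everything in it is an assumption for illustration: the interface name en1, the 203.0.113.x documentation addresses standing in for the XX.XXX.XX.120 series, OR ports starting at 9005, obfs4 ports starting at 9105 (the thread only says 443 is routed to obfs4proxy), and the /usr/local paths. It also assumes tor substitutes the instance's own advertised address for an obfs4 listener bound to 0.0.0.0; confirm the advertised addresses in each instance's log before relying on it.

```shell
#!/bin/sh
# Added example, not from the thread. Emits per-instance torrc fragments and the
# matching pf rdr rules so that each public IP's ports 80/443 land on a distinct
# tor/obfs4proxy instance on this host.
# Everything below is constructed for illustration: the interface name, the
# 203.0.113.0/24 documentation addresses, the base ports and the paths.

# gen_pf_rules IFACE ORBASE PTBASE IP...
# Instance i (0-based) gets OR port ORBASE+i and obfs4 port PTBASE+i.
gen_pf_rules() {
  iface=$1; orbase=$2; ptbase=$3
  shift 3
  i=0
  for ip in "$@"; do
    orport=$((orbase + i))
    ptport=$((ptbase + i))
    # Port 80 on this IP -> this instance's ORPort; 443 -> its obfs4 listener.
    printf 'rdr pass on %s inet proto tcp from any to %s port 80 -> 127.0.0.1 port %s\n' \
      "$iface" "$ip" "$orport"
    printf 'rdr pass on %s inet proto tcp from any to %s port 443 -> 127.0.0.1 port %s\n' \
      "$iface" "$ip" "$ptport"
    i=$((i + 1))
  done
}

# gen_torrc N IP ORPORT PTPORT
# Mirrors the NoListen/NoAdvertise pair from the thread, but advertises the
# instance's own public IP rather than a bare port, and binds the real ORPort
# to loopback so only the pf rdr rule reaches it. Each instance is started as
# its own unprivileged user (as the reply suggests), so no User line is needed.
gen_torrc() {
  n=$1; ip=$2; orport=$3; ptport=$4
  cat <<EOF
# torrc.$n (generated; assumed paths)
DataDirectory /usr/local/var/lib/tor/instance$n
PidFile /usr/local/var/run/tor/instance$n.pid
Log notice file /usr/local/var/log/tor/instance$n.log
BridgeRelay 1
SocksPort 0
Address $ip
ORPort $ip:80 NoListen
ORPort 127.0.0.1:$orport NoAdvertise
ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
# Assumption: an unspecified listener lets tor advertise Address:$ptport.
ServerTransportListenAddr obfs4 0.0.0.0:$ptport
ExtORPort auto
ContactInfo bridge-operator@example.invalid
EOF
}

# Demo: three instances on three constructed addresses, printed to stdout.
IPS="203.0.113.120 203.0.113.121 203.0.113.122"
gen_pf_rules en1 9005 9105 $IPS
i=0
for ip in $IPS; do
  gen_torrc $((i + 1)) "$ip" $((9005 + i)) $((9105 + i))
  i=$((i + 1))
done
```

Redirect the rdr lines into a file loaded with pfctl, write each torrc fragment to its own torrc.N, and start instance N with tor -f torrc.N as that instance's user. Because only pf exposes the loopback ORPorts, a misconfigured instance fails closed rather than listening on an unexpected public port, and a diff of the generated files against the running ones is an easy periodic check that no instance has been changed by hand.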
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays