Thanks for the link & clarification.
Best regards,
Kenneth
3. Oct 2018 14:15 by [email protected]
<mailto:[email protected]>:
> Hi Kenneth,
> find the answers here: >
> https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html
> <https://lists.torproject.org/pipermail/tor-relays/2018-July/015748.html>
> It would be great to add that to the guide at>
> https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy
>
> <https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy>>
> ^^.
>
>> Hello,
>>
>> I'm in the process of setting up a couple of obfs4 bridge relays on Ubuntu
>> server 18.04.
>>
>> I'm endeavoring to apply strict firewall rules to ensure only the necessary
>> ports are open.
>>
>> In accordance with the configuration (below) I've allowed port 9001:
>>
>> #Bridge config
>> RunAsDaemon 1
>> ORPort 9001
>> BridgeRelay 1
>> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
>> ExtORPort auto
>>
>> #Set your bridge nickname and contact info
>> ContactInfo <your-contact-info>
>> Nickname pick-a-nickname
>>
>> I've also allowed port 9051 to enable me to connect to the obfs4 server via
>> onionbox.
>>
>> After starting the Tor service the Tor logs report,
>>
>> Opening Socks listener on 127.0.0.1:9050
>>
>> Opening Control listener on 127.0.0.1:9051
>>
>> Opening OR listener on 0.0.0.0:9001
>>
>> Extended OR listener listening on port XXXXX.
>>
>> Registered server transport 'obfs4' at '[::]:33919'
>>
>> All of the ports listed (above) appear to be fixed ports that open each time
>> I start/restart Tor. However, the"Extended OR listener listening on port
>> XXXXX" changes on each start/restart.
>> >> I can see the configuration (above) instructs ExtORPort auto.>> >> I've
>> looked online where there is some advice suggesting the auto setting for
>> ExtORPort is important for securityreasons, however, if I'd like to have
>> strict firewall rules the auto setting becomes problematic.
>> Currently, I've allowed port 9001 & the Tor logs report,
>>
>> Now checking whether ORPort XXX.XXX.XXX.XX:9001 is reachable...
>>
>> Self-testing indicates your ORPort is reachable from the outside.
>>
>> I'd be grateful for some advice on which ports I should keep open, to ensure
>> I can provide the very best service &good security practice both for the
>> client & the server - thanks :)
>>
>> Best regards,
>>
>> Kenneth
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
