Tor bridge configuration

I've installed & configured security/tor.

Here is my /usr/local/etc/tor/torrc http://paste.pocoo.org/show/427733/.

I've opened ORPort 8443 in /etc/pf.conf.

Code:
nmap -sT -O localhost
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-07-03 17:51 SGT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Not shown: 990 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
111/tcp  open  rpcbind
515/tcp  open  printer
2049/tcp open  nfs
3306/tcp open  mysql
5432/tcp open  postgresql
8443/tcp open  https-alt
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 7.X|8.X (99%)
Aggressive OS guesses: FreeBSD 7.0-RELEASE (99%), FreeBSD 7.2-RELEASE (98%), FreeBSD 7.0-RELEASE-p2 - 7.1-PRERELEASE (94%), FreeBSD 8.0-BETA2 - 8.0-RELEASE (94%), FreeBSD 8.0-RC1-p1 (94%), FreeBSD 8.0-RELEASE (93%), FreeBSD 7.0-RELEASE-p1 - 8.1-RELEASE-p1 (93%), FreeBSD 8.0-STABLE (93%), FreeBSD 7.0-BETA4 - 7.0 (92%), FreeBSD 7.0-CURRENT (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.57 seconds

When I start tor by running /usr/local/etc/rc.d/tor start, I see this -
Code:
/usr/local/etc/rc.d/tor start
Starting tor.
Jul 03 18:09:07.146 [notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on FreeBSD amd64)
Jul 03 18:09:07.147 [notice] Choosing default nickname 'dave'
Jul 03 18:09:07.147 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Jul 03 18:09:07.175 [notice] Initialized libevent version 1.4.14b-stable using method kqueue. Good.
Jul 03 18:09:07.175 [notice] Opening OR listener on 0.0.0.0:8443

When I check tail -f /var/log/tor it returns an error -

Code:
Jul 03 18:09:17.445 [notice] OpenSSL OpenSSL 0.9.8q 2 Dec 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jul 03 18:09:17.507 [notice] Your Tor server's identity key fingerprint is 'dave 5F9EC66AD1CC13F9ED9F5768BF1077715B2A2AC3'
Jul 03 18:09:17.968 [notice] We now have enough directory information to build circuits.
Jul 03 18:09:17.968 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jul 03 18:09:18.285 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Jul 03 18:09:18.512 [notice] Guessed our IP address as XXX.XXX.XXX.XXX (source: 74.3.165.39).
Jul 03 18:09:19.957 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jul 03 18:09:21.817 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 03 18:09:21.817 [notice] Bootstrapped 100%: Done.
Jul 03 18:09:21.817 [notice] Now checking whether ORPort XXX.XXX.XXX.XXX:8443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jul 03 18:29:22.103 [warn] Your server (XXX.XXX.XXX.XXX:8443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

I don't know why it doesn't work.
 
Is tor running on the same machine as PF? If not you're missing a rdr rule to forward the port.

Code:
 pass in quick on $ext_if proto { tcp, udp } from any to ($ext_if) port 8443 keep state
 pass out quick on $ext_if proto { tcp, udp } from any to ($ext_if) port 8443 keep state

The pass out rule isn't needed. The ORPort is an incoming connection. Replies will be automatically allowed because of the keep state.
 
Because tor is running on the same machine a rdr isn't needed. Just wanted to make sure ;)
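An added helper, not from either poster, for reading the self-test outcome out of a Tor log like the one above: it spots the "Now checking whether ORPort" notice, the 20-minute "has not managed to confirm" warning, and the success notice (the success wording is assumed from Tor's own log text, not quoted in the thread). The sample lines are constructed with a documentation address in place of the poster's masked IP.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the Tor 0.2.1.x messages quoted in the thread.
SAMPLE_LOG = """\
Jul 03 18:09:21.817 [notice] Now checking whether ORPort 198.51.100.7:8443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jul 03 18:29:22.103 [warn] Your server (198.51.100.7:8443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d+ \[(?P<level>\w+)\] (?P<msg>.*)$")
CHECK_RE = re.compile(r"Now checking whether ORPort (?P<addr>[\d.]+):(?P<port>\d+) is reachable")
FAIL_RE = re.compile(r"Your server \((?P<addr>[\d.]+):(?P<port>\d+)\) has not managed to confirm that its ORPort is reachable")
# Assumed success message (Tor prints this once the self-test passes).
OK_RE = re.compile(r"Self-testing indicates your ORPort is reachable")

def parse_line(line):
    """Split a Tor log line into (timestamp, level, message); None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Tor's default log format carries no year; fine for measuring elapsed time.
    return datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["level"], m["msg"]

def orport_status(log_text):
    """Return the ORPort self-test state and how long Tor waited before deciding."""
    status = {"state": "unknown", "addr": None, "port": None, "minutes_waited": None}
    started = None
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, level, msg = parsed
        m = CHECK_RE.search(msg)
        if m:
            started = ts
            status.update(state="pending", addr=m["addr"], port=int(m["port"]))
            continue
        m = FAIL_RE.search(msg)
        if m and level == "warn":
            status["state"] = "unreachable"
        elif OK_RE.search(msg):
            status["state"] = "reachable"
        else:
            continue
        if started is not None:
            status["minutes_waited"] = round((ts - started).total_seconds() / 60)
    return status

if __name__ == "__main__":
    print(orport_status(SAMPLE_LOG))
```

An "unreachable" result with the poster's setup points at the path between the outside world and the ORPort (the pf pass in rule on the external interface, or a missing rdr when tor sits on another host), since the client side of the bootstrap already reached 100%.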
 