[TOR] Could not bind to 127.0.0.1:443: Permission denied

  • Thread starter Deleted member 55181

Deleted member 55181

Guest
Hey.

I cannot bind Tor to port 443. It's probably a permission fault. Does anyone know how to increase Tor's authority?

Code:
root@User22:/home/User22 # service tor onestart
/usr/local/etc/rc.d/tor: DEBUG: pid file (/var/run/tor/tor.pid): not readable.
/usr/local/etc/rc.d/tor: DEBUG: checkyesno: tor_enable is set to YES.
Starting tor.
/usr/local/etc/rc.d/tor: DEBUG: run_rc_command: doit:  limits -C daemon su -m _tor -c 'sh -c "/usr/local/bin/tor  -f /usr/local/etc/tor/torrc --PidFile /var/run/tor/tor.pid --RunAsDaemon 1 --DataDirectory /var/db/tor"'
Aug 05 22:01:10.799 [notice] Tor 0.3.3.7 (git-035a35178c92da94) running on FreeBSD with Libevent 2.1.8-stable, OpenSSL 1.0.2k-freebsd, Zlib 1.2.11, Liblzma 5.2.3, and Libzstd 1.3.4.
Aug 05 22:01:10.799 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 05 22:01:10.799 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Aug 05 22:01:10.815 [notice] Scheduler type KISTLite has been enabled.
Aug 05 22:01:10.815 [notice] Opening Socks listener on 127.0.0.1:10001
Aug 05 22:01:10.815 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:443
Aug 05 22:01:10.815 [warn] Could not bind to 127.0.0.1:443: Permission denied
Aug 05 22:01:10.815 [notice] Closing partially-constructed Socks listener on 127.0.0.1:10001
Aug 05 22:01:10.815 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Aug 05 22:01:10.815 [err] Reading config failed--see warnings above.
/usr/local/etc/rc.d/tor: WARNING: failed to start tor
root@User22:/home/User22 #
 
Only root is able to open ports below 1024. Because Tor runs as the _tor user, it's not allowed to open port 443.
 
OK. So how do I turn _tor on as the root user?

Edit: in /usr/local/etc/rc.d/tor, at the : ${tor_user="root"} line.
 
That is a terribly dumb idea because of a multitude of reasons...

First: root is an all-powerful account, so if you value your server security you want to avoid using it with regular services. Think about this for a second: the moment this service gets hacked for whatever reason, you'd be giving any attacker immediate root access to your box. Not smart.

Instead: why not simply pick a port above 1024? Because that's the second reason this is a dumb idea: 443 is already taken: it's the default port used by webservers to provide encrypted data (HTTPS). Not something you'd want to use for TOR traffic as well.

Finally: /usr/local/etc/rc.d/tor is a file under package management control. In other words: the moment you install an update, these local changes will be reset back to normal. And then things will stop working again, probably leaving you to wonder why that happened.

So: just pick another port above 1024 and be done with it.
 
...the second reason this is a dumb idea: 443 is already taken: it's the default port used by webservers to provide encrypted data (HTTPS). Not something you'd want to use for TOR traffic as well.
The main reason for this is to get around firewalls, as Tor tries to be accessible even to those with restrictive filtering. Guard nodes running on that port can likely serve more people as it tends to be less filtered than 9001.
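The failed start in the log at the top of the thread comes from a torrc listener on a port below 1024 while the rc script runs tor as _tor. The following is an added example, not code from the thread or from the Tor project: it scans torrc text for such listeners before the service is started. The function names, the RESERVED_HIGH variable and the sample torrc are constructed for illustration, and only the listener options named in the script are checked.

```shell
#!/bin/sh
# Added example: flag Tor listener ports that an unprivileged daemon
# user (such as _tor) cannot bind.

# Highest reserved port; 1023 matches "ports below 1024" from the thread.
RESERVED_HIGH=${RESERVED_HIGH:-1023}

# privileged_listeners: read torrc text on stdin and print "Option port"
# for every listener option whose port is between 1 and RESERVED_HIGH.
privileged_listeners() {
    awk -v high="$RESERVED_HIGH" '
        BEGIN {
            # Listener options that take [address:]port as first argument.
            split("SocksPort TransPort DNSPort NATDPort ORPort DirPort ControlPort ExtORPort", n, " ")
            for (i in n) opts[tolower(n[i])] = n[i]
        }
        {
            sub(/#.*/, "")              # strip comments
            key = tolower($1)           # match option names regardless of case
            if (!(key in opts) || NF < 2) next
            port = $2
            sub(/^.*:/, "", port)       # drop an "address:" prefix (IPv4 or [IPv6])
            # "auto", unix sockets and 0 (listener disabled) are not flagged
            if (port ~ /^[0-9]+$/ && port + 0 > 0 && port + 0 <= high + 0)
                print opts[key], port + 0
        }'
}

# Constructed torrc fragment mirroring the two listeners seen in the log.
sample_torrc() {
    cat <<'EOF'
# constructed sample, not the poster's real torrc
SocksPort 127.0.0.1:10001
TransPort 127.0.0.1:443   # cannot be bound by the _tor user
EOF
}

check_sample() { sample_torrc | privileged_listeners; }

# Real use on the system from the thread would be:
#   privileged_listeners < /usr/local/etc/tor/torrc
check_sample    # prints: TransPort 443
```

Any option it reports is a candidate for moving to a port above 1024, as the reply above advises, rather than changing the user the daemon runs as.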
 