I’ve set up a new bridge and everything seems to be working well, but I have a question about something I saw while checking on ports and networking.
My configuration contains this:
BridgeRelay 1
PublishServerDescriptor bridge
AddressDisableIPv6 1
SocksPort 0
ORPort 2112 IPv4Only
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443
So Tor stuff happens on port 2112, and port 443 is where clients can connect (which as I understand it should make the bridge less noticeable).
I ran this to see what’s listening on the ports. Setting aside 22 for ssh and 53 for DNS, everything is Tor-related.
$ sudo netstat --numeric --tcp --program --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:37715 0.0.0.0:* LISTEN 18582/tor
tcp 0 0 0.0.0.0:2112 0.0.0.0:* LISTEN 18582/tor
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18766/sshd: /usr/sb
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 653/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 18766/sshd: /usr/sb
tcp6 0 0 :::443 :::* LISTEN 18583/obfs4proxy
obfs4proxy is listening on port 443: good. But notice port 37715. (This port is randomly chosen, I think, so someone else running this command would see a different number.) There are connections in and out of it:
$ sudo netstat --numeric --tcp --program | grep 37715
tcp 0 0 127.0.0.1:49388 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:58068 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:34540 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:37715 127.0.0.1:53494 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:36960 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:34540 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:49388 ESTABLISHED 18582/tor
The Tor server is listening on port 37715 and obfs4proxy is sending to the port, if I read that right. What’s happening? What is flowing where? Thanks for any explanation or pointers.
Felix
Somehow obfs4 is listening on IPv6, but we would expect it on IPv4.
Felix
On the original question, you can find more in the Pluggable Transport Spec.
Yes, the obfuscator and Tor daemon communicate over localhost.
dcf
Do you have ExtORPort auto set in torrc? (You should have it set.) The “extended ORPort” is where tor receives connections from obfs4proxy. It only listens on localhost, and auto means it chooses a random ephemeral port. obfs4proxy receives connections on the external port 443, and forwards them to tor’s extended ORPort on localhost.
If ExtORPort is not set, obfs4proxy will instead connect to the normal ORPort, but you don’t want that because it produces metrics that are less useful. The “extended” part of ExtORPort lets obfs4proxy forward information to tor such as the client IP address, which is used for metrics separated by country.
3 Likes
Thanks! I do have ExtORPort auto set but forgot to include it in my snippet, so that explains that.
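The flow described in dcf's answer (obfs4proxy accepts on the public port and forwards to a loopback-only tor listener) can be confirmed from the same netstat output. This is an added example, not code from any poster or from the Tor Project: the function names are hypothetical, the sample rows are copied from the thread, and reading a non-loopback target as "ExtORPort probably unset" is a heuristic assumption based on that answer.

```python
import ipaddress
import re

# Rows copied from the netstat output quoted in the thread.
SAMPLE = """\
tcp 0 0 127.0.0.1:37715 0.0.0.0:* LISTEN 18582/tor
tcp 0 0 0.0.0.0:2112 0.0.0.0:* LISTEN 18582/tor
tcp6 0 0 :::443 :::* LISTEN 18583/obfs4proxy
tcp 0 0 127.0.0.1:49388 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:37715 127.0.0.1:49388 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:34540 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:37715 127.0.0.1:34540 ESTABLISHED 18582/tor
"""

# proto recvq sendq local_addr:port remote_addr:port state pid/program
ROW = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s+(\S+)\s+\d+/(\S+)")

def parse(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, program)."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.groups()

def transport_targets(text):
    """Map each tor listener port to (loopback_only, obfs4proxy connection count)."""
    rows = list(parse(text))
    listeners = {lp: ipaddress.ip_address(la).is_loopback
                 for la, lp, _, _, state, prog in rows
                 if state == "LISTEN" and prog == "tor"}
    counts = dict.fromkeys(listeners, 0)
    for _, _, ra, rp, state, prog in rows:
        # Count the obfs4proxy side of each local connection into a tor listener.
        if (state == "ESTABLISHED" and prog == "obfs4proxy" and rp in counts
                and ipaddress.ip_address(ra).is_loopback):
            counts[rp] += 1
    return {int(p): (listeners[p], counts[p]) for p in listeners}

def verdict(text):
    """Heuristic: which kind of tor listener is obfs4proxy feeding?"""
    fed = {p: lo for p, (lo, n) in transport_targets(text).items() if n}
    if not fed:
        return "no obfs4proxy->tor connections seen"
    if all(fed.values()):
        return "loopback-only target (consistent with ExtORPort)"
    return "non-loopback target (ExtORPort probably unset)"

if __name__ == "__main__":
    print(transport_targets(SAMPLE), verdict(SAMPLE))
```

To run it against a live bridge, pass in the combined output of the two netstat commands from the first post instead of `SAMPLE`.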