#27027 closed enhancement (user disappeared)

TorRelayGuide/NetBSD: set ORPort to 443 where that works out of the box

Reported by: nusenu Owned by: egypcio
Priority: Medium Milestone:
Component: Community/Relays Version:
Severity: Normal Keywords: bsd netbsd tdp torbsd
Cc: nusenu, ggus, gman999 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

So far we used 443 where that works out of the box, you don't seem to like that:

https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/NetBSD?sfp_email=&sfph_mail=&action=diff&version=4&old_version=3

443 is a more likely reachable port than 9001,
what is your motivation for changing it to 9001, especially since you are recommending people to set a random port? ("TRY A DIFFERENT PORT" should be explained) on a non-exit (likely guard) relay?

Child Tickets

Change History (10)

comment:1 Changed 14 months ago by egypcio

Cc: gman999 added
Keywords: bsd netbsd tdp torbsd added
Type: defectenhancement

comment:2 Changed 14 months ago by egypcio

it's really not that "I don't like it". when you put things this way (and paste the diff with the changes) looks like you got things personal - it is/was not my intention, btw.

I completely understand that having 'ORPort 443' includes more people to reach out the relay and so on, but if you check forums and/or mailing lists you can get the feedback from many people trying to bind tor (and many other unix daemons) to low ports and getting issues related to it; there's actually a note on the official torrc sample configuration about this king of thing.

FreeBSD was/is one of the systems that does not allow (by default) unpriv users to bind sockets to low ports; and 9001 is present on the wiki page here for FreeBSD ;-)

why did I use the 9001? it's the default for torrc and an unpriv user can bind a socket to such a port; than the relay admin can judge if the S.O. of choice can work on binding low ports to unpriv users - or do whatever it's needed to advertise the 443 (in question here).

for DragonFly-, Net- and OpenBSD I just updated the wiki pages and reflected this kind of info. thanks for reporting this issue. very appreciated!

PS: having other ports rather than 'just' 443 is also not a bad idea. that was the motivation behind the 'TRY A DIFFERENT PORT'. 22, 587, 993, 1194, 500, 5222, 465, 6697, 636, ...

comment:3 in reply to:  2 Changed 14 months ago by nusenu

Replying to egypcio:

I completely understand that having 'ORPort 443' includes more people to reach out the relay and so on, but if you check forums and/or mailing lists you can get the feedback from many people trying to bind tor (and many other unix daemons) to low ports and getting issues related to it; there's actually a note on the official torrc sample configuration about this king of thing.

again: for this very reason we only put ORPort 443 there where it works out of the box, the above reasoning might apply to other platforms but this ticket is specifically about the NetBSD wiki page, not something else

PS: having other ports rather than 'just' 443 is also not a bad idea. that was the motivation behind the 'TRY A DIFFERENT PORT'. 22, 587, 993, 1194, 500, 5222, 465, 6697, 636, ...

I don't think that these other ports you list here are more likely to be allowed by restricted firewalls than port 443

comment:5 Changed 14 months ago by egypcio

PS: OpenBSD's page was also updated to reflect the same info. thank you again. very appreciated!

comment:6 Changed 14 months ago by egypcio

PPS: same for DragonFlyBSD (can be copied to the FreeBSD page, if you wish to)

comment:7 Changed 14 months ago by Toni Bordelo

Resolution: fixed
Status: closedreopened

comment:8 in reply to:  7 Changed 14 months ago by egypcio

Replying to Toni Bordelo:

Hi Toni,

I see you requested to reopen this ticket. Are you missing something on that wiki page? ORPort 443 is set and the config works as expected for NetBSD.

Please tell us if we missed something, so we fix it.

Thank you for having a look into it.

comment:9 Changed 13 months ago by egypcio

Hello there, any updates on this one?
Do we miss anything here (related to get 443 as default ORPort for NetBSD on its wiki page)?

comment:10 Changed 13 months ago by nusenu

Resolution: user disappeared
Status: reopenedclosed
Note: See TracTickets for help on using tickets.