Opened 7 months ago

Last modified 5 months ago

#29339 new enhancement

Bind outbound ports

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords:
Cc: spam@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

It would be useful if a tor relay could be configured to use a specific local port range for outgoing traffic, or even bind to a single port.

This would make tor more manageable and flexible, especially in a router/fw.

Just like we have ORPort for incoming traffic, we could have OROutPort for outgoing ports.

Many popular torrent applications do this.

It would allow running tor behind a stateless firewall, which is very useful for low end routers with high bw Internet connections.

Change History (4)

comment:1 Changed 7 months ago by dgoulet

Component: Core Tor → Core Tor/Tor

comment:2 Changed 7 months ago by teor

We could extend the OutboundBindAddress options to include a port range.

comment:3 Changed 5 months ago by nickm

Milestone: Tor: unspecified

Is there a way to do this in C other than to try over and over until you find a free port?

comment:4 in reply to:  3 Changed 5 months ago by teor

Replying to nickm:

Is there a way to do this in C other than to try over and over until you find a free port?

I think that's basically it.

If the range is large, we can bind to an arbitrary port, then close and re-bind if you don't like the OS choice.
If the range is small, we can choose a random port, and bind specifically to it, and then choose another port if it fails.

Sounds like a denial of service risk to me, either way.
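The small-range strategy from comments 3 and 4, as an added example that is not part of the ticket or of Tor's code: pick a random port in the range, bind to it, and pick again on `EADDRINUSE`, with a cap on attempts so a fully occupied range cannot keep the caller retrying forever. The names `bind_in_range` and `demo`, the loopback address and the 40000-40999 range are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not a Tor function): bind fd to 127.0.0.1 on a
 * random port in [lo, hi]. Returns the bound port, or -1 once max_tries
 * attempts have failed or on an error other than EADDRINUSE. The cap on
 * attempts bounds the work done when the range is exhausted. */
int bind_in_range(int fd, uint16_t lo, uint16_t hi, unsigned max_tries)
{
    struct sockaddr_in sa;
    unsigned span, i;

    if (lo == 0 || lo > hi)
        return -1;
    span = (unsigned)hi - lo + 1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* constructed: loopback only */

    for (i = 0; i < max_tries; i++) {
        /* rand() keeps the sketch short; production code would use a CSPRNG */
        uint16_t port = (uint16_t)(lo + (unsigned)rand() % span);
        sa.sin_port = htons(port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
            return port; /* caller would connect() from this port next */
        if (errno != EADDRINUSE)
            return -1;   /* EACCES, EBADF, ...: retrying will not help */
    }
    return -1; /* range busy: caller backs off rather than spinning */
}

/* Self-check: 0 if a second socket cannot take the port the first holds. */
int demo(void)
{
    int a = socket(AF_INET, SOCK_STREAM, 0);
    int b = socket(AF_INET, SOCK_STREAM, 0);
    int p = bind_in_range(a, 40000, 40999, 32);
    int q = (p > 0) ? bind_in_range(b, (uint16_t)p, (uint16_t)p, 4) : 0;
    close(a);
    close(b);
    return (p >= 40000 && p <= 40999 && q == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```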
