enable tor-fw-helper

Please try to enable tor-fw-helper in the next round of building Tor bundles. Please enable both natpmp and upnpc.

added MikePerry201402R component::applications/tor bundles/installation flashproxy owner::erinn priority::medium resolution::user disappeared severity::normal status::closed type::task labels

We should also ask Thomas if we're doing this in a reasonable manner. What say you? :)

Trac:
Cc: N/A to chiiph

We can do that for the alpha bundles, not regular TBB yet as neither Tor 0.2.2.x has the tor-fw-helper stuff nor does Vidalia yet have support for configuring it at all. We could try building the fw-helper stuff in TBBs with alpha tor, but until Vidalia learns to deal with them they'd be dead binaries basically

Just for the record:

       PortForwarding 0|1
           Attempt to automatically forward the DirPort and ORPort on a NAT
           router connecting this Tor server to the Internet. If set, Tor will
           try both NAT-PMP (common on Apple routers) and UPnP (common on
           routers from other manufacturers). (Default: 0)

       PortForwardingHelper filename|pathname
           If PortForwarding is set, use this executable to configure the
           forwarding. If set to a filename, the system path will be searched
           for the executable. If set to a path, only the specified path will
           be executed. (Default: tor-fw-helper)

See also #4959 (moved). Should we close either this or that ticket?

Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

Replying to Sebastian:

Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

Makes sense.

Can we ship the extra binaries in the bridge/relay/exit bundles?

yup

Replying to Sebastian:

Hrm, come to think of this bug. We probably don't really want those two extra binaries in the TBB: TBB is too large already, let's not add extra stuff unless it's really warranted. Why is it not warranted? TBBs are for clients, not relay operators - clients never need to use upnp.

For clients using Flashproxies, having the tor-fw-helper in the bundle would be quite useful. They need to accept incoming WebSocket connections so getting through NAT is important.

The build process for the pluggable transport bundles makes use of the latest released TBBs, only adding the extra necessary configuration and components. Unfortunately, at the moment, compiling tor-fw-helper seems pretty tightly coupled to tor.

Trac:
Keywords: N/A deleted, flashproxy added

With #9033 (closed) done, the flash proxy transport is ready to use tor-fw-helper as soon as it's present in bundles. This has the potential to increase the number of people able to use the transport. There are probably more people with a UPnP-capable router than there are willing and able to do manual port forwarding.

Trac:
Username: amontero
Cc: chiiph to chiiph, amontero@tinet.org

Trac:
Username: FireballDWF
Cc: chiiph, amontero@tinet.org to chiiph, amontero@tinet.org, david.filiatrault@gmail.com

Here is a branch that packages tor-fw-helper on top of TBB 3.5.2. I sent a request to tor-qa that it be tested.

https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html https://people.torproject.org/~dcf/pt-bundle/3.5.2-fwhelper-1/ https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/shortlog/refs/heads/tor-fw-helper

Trac:
Status: new to needs_review

I was manually testing miniupnpc and natpmp-utils, which use the same libraries that tor-fw-helper does and have Debian packages. I used a natpmpc command from the man page and it segfaulted :(

$ natpmpc -a 50000 50000 tcp
Segmentation fault

Anyone else interested in testing those libraries, here are some commands to try.

miniupnpc:

external-ip                             # uses UPnP to find external IP.
upnpc -a <your-lan-ip> 50000 50000 tcp  # adds a port forwarding
upnpc -l                                # lists port forwardings
upnpc -d 50000 tcp                      # deletes port forwarding

natpmp-utils:

natpmpc                                 # external IP
natpmpc -a 50000 50000 tcp              # adds a port forwarding
natpmpc -a 50000 50000 tcp 0            # deletes port forwarding

A second batch of bundles with NAT-PMP disabled, forced use of IPv4, and fixed port 9000 listener. (These were announced back on February 15.)

https://lists.torproject.org/pipermail/tor-qa/2014-February/000338.html https://people.torproject.org/~dcf/pt-bundle/3.5.2-fwhelper-2/ https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/commitdiff/3.5.2-fwhelper-2?hp=tbb-3.5.2-build5

Trac:
Keywords: N/A deleted, MikePerry201402R added

This branch should be squashed and made to apply only to versions.beta and 3.6/beta bundles. I don't think we should even include tor-fw-helper in 3.5 if we can help it.

For what it's worth, I didn't make the branch with the intention that it would be merged and I'm not asking for it to be merged. I don't think tor-fw-helper is ready for the flash proxy use case.

I made the bundles because I wanted to do a survey to see how likely it is to work for users, which survey (https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html) got a few replies and mixed results. The second survey without NAT-PMP (https://lists.torproject.org/pipermail/tor-qa/2014-February/000338.html) got just one reply (successful) on IRC that I am aware of. tor-fw-helper doesn't work for me at home. Forcing IPv4 was only for an experiment and may be a net loss, because IPv6 tunneling is one of the things that works to get around NAT.

Trac:
Cc: chiiph, amontero@tinet.org, david.filiatrault@gmail.com to chiiph, amontero@tinet.org, david.filiatrault@gmail.com, mcs

#13338 (moved) should be the tor-fw-helper that we ship. It is compatible and removes the libminiupnpc and libnatpmp code-quality worries. I think it's ready to go in an alpha. There's no integration branch for it yet.

Set all open tickets without a severity to "Normal"

Trac:
Severity: N/A to Normal

I think there are no plans to ship that if I am wrong, please reopen this ticket and list the steps we should take (i.e. which code we should use, which branch we should merge etc.).

Trac:
Reviewer: N/A to N/A
Sponsor: N/A to N/A
Status: needs_review to closed
Resolution: N/A to user disappeared

closed

mentioned in issue #9033 (closed)

mentioned in issue #9444 (closed)

mentioned in issue #9781 (moved)

mentioned in issue #10418 (moved)

mentioned in issue #10538 (moved)

mentioned in issue #13338 (moved)