​FTE is a pluggable transport. Here's how to configure an β€œfte” bridge:

FTE bridge setup

For the examples below, our IP address is In practice, replace this with your own address.

Example torrc

DataDirectory /path/to/tor_data  # location to store runtime data
Log notice file /path/to/tor_log # location to log notices, warnings, and errors
RunAsDaemon 1                 # runs as a background process
User $USERNAME                # lowers our permissions to this user

PublishServerDescriptor 0       # do not publish server descriptor (set as 1 to publish through BridgeDB)
ServerTransportPlugin fte exec /usr/bin/fteproxy --managed --mode server # enable fte transport
BridgeRelay 1                   # be a bridge

ContactInfo $EMAILADDRESS     # email address in case contacting you is required
Nickname $RELAYNAME           # name for this relay
SocksPort 0                   # prevents tor from being used as a client
ExitPolicy reject *:*         # prevents us from connecting to non-relays

Example log output

[notice] Registered server transport 'fte' at ''

iptables rules to mirror on 80/443

Mirror on port 80:

-A PREROUTING -d -p tcp -m tcp --dport 80 -j DNAT --to-destination

Mirror on port 443:

-A PREROUTING -d -p tcp -m tcp --dport 443 -j DNAT --to-destination

PF rules to mirror on 80/443

For this example, our interface is msk0.

Mirror on port 80:

pass in on msk0 proto tcp from any to port 80 \
        rdr-to port 59003

Mirror on port 443:

pass in on msk0 proto tcp from any to port 443 \
        rdr-to port 59003

Unpublished bridges

If you decide to make your bridge "unpublished", and would like the support team to use your bridge for helping users in heavily restricted regions; please send the bridge address / fingerprint to tor-assistants<AT>lists<DOT>torproject<DOT>org.

Last modified 3 years ago Last modified on Jul 18, 2014, 1:05:35 AM