FTE is a pluggable transport. Here's how to configure an “fte” bridge:
FTE bridge setup
For the examples below, our IP address is 203.0.113.1. In practice, replace this with your own address.
Example torrc
DataDirectory /path/to/tor_data # location to store runtime data
Log notice file /path/to/tor_log # location to log notices, warnings, and errors
RunAsDaemon 1 # runs as a background process
User $USERNAME # lowers our permissions to this user
PublishServerDescriptor 0 # do not publish server descriptor (set as 1 to publish through BridgeDB)
ServerTransportPlugin fte exec /usr/bin/fteproxy --managed --mode server # enable fte transport
BridgeRelay 1 # be a bridge
ContactInfo $EMAILADDRESS # email address in case contacting you is required
Nickname $RELAYNAME # name for this relay
SocksPort 0 # prevents tor from being used as a client
ExitPolicy reject *:* # prevents us from connecting to non-relaysExample log output
[notice] Registered server transport 'fte' at '0.0.0.0:59003'iptables rules to mirror on 80/443
Mirror on port 80:
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 203.0.113.1:59003Mirror on port 443:
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.1:59003PF rules to mirror on 80/443
For this example, our interface is msk0.
Mirror on port 80:
pass in on msk0 proto tcp from any to 203.0.113.1 port 80 \
rdr-to 203.0.113.1 port 59003Mirror on port 443:
pass in on msk0 proto tcp from any to 203.0.113.1 port 443 \
rdr-to 203.0.113.1 port 59003Unpublished bridges
If you decide to make your bridge "unpublished", and would like the support team to use your bridge for helping users in heavily restricted regions; please send the bridge address / fingerprint to tor-assistantsliststorprojectorg.