Re: [opensuse] Re: How to enable Tor in firewall for tor relaying?



On 17/08/10 23:46, zGreenfelder wrote:
perhaps you should check the rules by hand with iptables -L

and possibly try iptables -I INPUT -p tcp --dport (port number) -j
ALLOW (do one for each of the ports you're expecting).

Hmm... What should I do?

================
# iptables -I INPUT -p tcp --dport 9030 -j ALLOW
iptables v1.4.8: Couldn't load target
`ALLOW':/usr/lib/xtables/libipt_ALLOW.so: cannot open shared object
file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
================

There is no such file. I removed and installed iptables with no result.



are you sure
TOR only uses those 3? and are you sure it's all TCP?

I'm not. But the documentation is not clear as for me. It says:

"If you are using a firewall, open a hole in your firewall so incoming
connections can reach the ports you configured (ORPort, plus DirPort if
you enabled it). If you have a hardware firewall (Linksys box,
cablemodem, etc) you might like portforward.com. Also, make sure you
allow all outgoing connections too, so your relay can reach the other
Tor relays. "

The ORPort is 9001
The DirPort is 9030
9050 is another one I found in configs and tried to open just in case.

Now I think I have 2 problems:
1. The missing file above
2. The documentation says "make sure you allow all outgoing connections
too". I'm not sure what connections Yast Firewall should open - all, outgoing
or ingoing.


I suspect those 3 are just base ports and it negotiates some higher
numbered ports; perhaps those are being blocked... and I can't recall
the config parameters for handling such things in iptables right now.
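
Added example, not part of the original thread: the built-in iptables target for letting a packet through is named ACCEPT, and an unknown target name such as ALLOW makes iptables look for an extension library, which is the libipt_ALLOW.so error shown above. The script below prints (without applying) the rules for the relay ports in a torrc; the function names `relay_rules` and `sample_torrc` are hypothetical, the torrc is constructed from the port numbers in the message, and it assumes 9050 is Tor's default SocksPort, which serves local clients and gets no inbound rule.

```shell
#!/bin/sh
# Added example: print iptables commands for the relay ports found in a torrc.
# Nothing is applied here; review the output, then run it as root.

# Constructed sample torrc using the port numbers quoted in the message.
sample_torrc() {
cat <<'EOF'
SocksPort 9050
ORPort 9001
DirPort 9030
EOF
}

# relay_rules (hypothetical name): torrc text on stdin, one command per line out.
relay_rules() {
    # Replies to connections the relay opened itself must be let back in.
    echo "iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Inbound holes only for ORPort and DirPort; SocksPort is deliberately skipped.
    awk '
        tolower($1) == "orport" || tolower($1) == "dirport" {
            port = $2
            sub(/^.*:/, "", port)      # accept the "address:port" form
            # port+0 forces a numeric comparison; 0 means "disabled" in torrc
            if (port ~ /^[0-9]+$/ && port + 0 > 0 && port + 0 < 65536)
                printf "iptables -I INPUT -p tcp --dport %d -j ACCEPT\n", port
        }'
    # "Allow all outgoing connections", as the quoted documentation asks.
    echo "iptables -P OUTPUT ACCEPT"
}

sample_torrc | relay_rules
```

Tor relay traffic on ORPort and DirPort is TCP, and outbound connections to other relays use whatever destination ports those relays advertise, which is why the output policy is left open rather than limited to the three numbers above.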