# Tor bridge configuration



## jewsofeast (Jul 3, 2011)

I've installed & configured security/tor.

Here is my /usr/local/etc/tor/torrc http://paste.pocoo.org/show/427733/.

I've opened ORPort 8443 in /etc/pf.conf.


```
nmap -sT -O localhost
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-07-03 17:51 SGT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Not shown: 990 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
111/tcp  open  rpcbind
515/tcp  open  printer
2049/tcp open  nfs
3306/tcp open  mysql
5432/tcp open  postgresql
8443/tcp open  https-alt
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): FreeBSD 7.X|8.X (99%)
Aggressive OS guesses: FreeBSD 7.0-RELEASE (99%), FreeBSD 7.2-RELEASE (98%), FreeBSD 7.0-RELEASE-p2 - 7.1-PRERELEASE (94%), FreeBSD 8.0-BETA2 - 8.0-RELEASE (94%), FreeBSD 8.0-RC1-p1 (94%), FreeBSD 8.0-RELEASE (93%), FreeBSD 7.0-RELEASE-p1 - 8.1-RELEASE-p1 (93%), FreeBSD 8.0-STABLE (93%), FreeBSD 7.0-BETA4 - 7.0 (92%), FreeBSD 7.0-CURRENT (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.57 seconds
```

When I start tor by running `/usr/local/etc/rc.d/tor start`, I see this:

```
/usr/local/etc/rc.d/tor start
Starting tor.
Jul 03 18:09:07.146 [notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on FreeBSD amd64)
Jul 03 18:09:07.147 [notice] Choosing default nickname 'dave'
Jul 03 18:09:07.147 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Jul 03 18:09:07.175 [notice] Initialized libevent version 1.4.14b-stable using method kqueue. Good.
Jul 03 18:09:07.175 [notice] Opening OR listener on 0.0.0.0:8443
```

When I check `tail -f /var/log/tor` it returns an error:


```
Jul 03 18:09:17.445 [notice] OpenSSL OpenSSL 0.9.8q 2 Dec 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jul 03 18:09:17.507 [notice] Your Tor server's identity key fingerprint is 'dave 5F9EC66AD1CC13F9ED9F5768BF1077715B2A2AC3'
Jul 03 18:09:17.968 [notice] We now have enough directory information to build circuits.
Jul 03 18:09:17.968 [notice] Bootstrapped 80%: Connecting to the Tor network.
Jul 03 18:09:18.285 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Jul 03 18:09:18.512 [notice] Guessed our IP address as XXX.XXX.XXX.XXX (source: 74.3.165.39).
Jul 03 18:09:19.957 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Jul 03 18:09:21.817 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 03 18:09:21.817 [notice] Bootstrapped 100%: Done.
Jul 03 18:09:21.817 [notice] Now checking whether ORPort XXX.XXX.XXX.XXX:8443 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jul 03 18:29:22.103 [warn] Your server (XXX.XXX.XXX.XXX:8443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
```

I don't know why it doesn't work.


----------



## SirDice (Jul 4, 2011)

Post your /etc/pf.conf please.


----------



## jewsofeast (Jul 6, 2011)

Hi, thanks for the reply. Here is my /etc/pf.conf http://paste.pocoo.org/show/430823/. It's noobish, this is my first time with PF.


----------



## SirDice (Jul 6, 2011)

Is tor running on the same machine as PF? If not, you're missing an rdr rule to forward the port.


```
pass in quick on $ext_if proto { tcp, udp } from any to ($ext_if) port 8443 keep state
pass out quick on $ext_if proto { tcp, udp } from any to ($ext_if) port 8443 keep state
```

The pass out rule isn't needed. The ORPort is an incoming connection. Replies will be automatically allowed because of the keep state.
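As an added example (not the thread's own config and not the poster's pasted pf.conf), here is a minimal pf.conf fragment for the inbound ORPort rule described above, with the interface name and the default-deny policy assumed; it also records why the nmap scan of localhost earlier in the thread cannot confirm that these rules work.

```pf
# pf.conf fragment (added example, not the poster's file).
# Assumptions: the external interface is em0 and a default-deny inbound
# policy is wanted; keep whatever pass rules other services already need.
ext_if = "em0"

# Loopback is left unfiltered. Packets from "nmap localhost" travel over
# lo0, so that scan never exercises the $ext_if rules below; only a
# connection from an outside host (or Tor's own reachability test) does.
set skip on lo0

# Default deny on the outside interface (assumption; add pass rules for
# ssh and any other service that must stay reachable).
block in on $ext_if

# Tor's ORPort is a TCP listener ("Opening OR listener on 0.0.0.0:8443" in
# the log), so only tcp is passed; adding udp widens the rule for nothing.
# ($ext_if) in parentheses is resolved at runtime, so the rule keeps
# working if the interface address changes.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 8443 keep state

# No "pass out" counterpart is needed: keep state records the accepted
# inbound connection and lets its reply packets out automatically.

# Parse only, without loading:      pfctl -nf /etc/pf.conf
# Load the ruleset:                  pfctl -f /etc/pf.conf
# Confirm the rule is active:        pfctl -sr | grep 8443
# Watch states while an outside host connects:  pfctl -ss | grep 8443
```

If the rule is loaded and an outside connection to port 8443 still never appears in `pfctl -ss`, the traffic is being dropped before it reaches this host (upstream router or NAT), which is where Tor's "ORPort is reachable" check will keep failing.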


----------



## jewsofeast (Jul 6, 2011)

Hi, tor is running on the same machine. I'm not sure about the rdr rule. If you can, could you please elaborate?


----------



## SirDice (Jul 7, 2011)

Because tor is running on the same machine, an rdr isn't needed. Just wanted to make sure.


----------



## jewsofeast (Jul 9, 2011)

Alright, so what are my options with TOR?


----------

