Browse code
Remove duplication about outgoing firewalls by splitting uses cases between client and relay
Lunar authored on22/07/2014 18:24:08 Showing1 changed files
| ... | ... |
@@ -48,8 +48,8 @@ proxies?</a></li> |
| 48 | 48 |
<li><a href="#IsItWorking">How can I tell if Tor is working, and that my |
| 49 | 49 |
connections really are anonymized?</a></li> |
| 50 | 50 |
<li><a href="#Mobile">Can I use Tor on my phone or mobile device?</a></li> |
| 51 |
- <li><a href="#OutboundPorts">Do I have to open all these outbound ports |
|
| 52 |
- on my firewall?</a></li> |
|
| 51 |
+ <li><a href="#OutboundPorts">Which outbound ports must be open when |
|
| 52 |
+ using Tor as a client?</a></li> |
|
| 53 | 53 |
<li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li> |
| 54 | 54 |
<li><a href="#NoDataScrubbing">Does Tor remove personal information |
| 55 | 55 |
from the data my application sends?</a></li> |
| ... | ... |
@@ -882,10 +882,9 @@ executive |
| 882 | 882 |
|
| 883 | 883 |
<hr> |
| 884 | 884 |
|
| 885 |
- <a id="OutboundPorts"></a> |
|
| 886 |
- <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these |
|
| 887 |
- outbound ports on my firewall?</a></h3> |
|
| 888 |
- |
|
| 885 |
+ <a id="OutboundPorts"></a> |
|
| 886 |
+ <h3><a class="anchor" href="#OutboundPorts">Which outbound ports must be open when |
|
| 887 |
+ using Tor as a client?</a></h3> |
|
| 889 | 888 |
<p> |
| 890 | 889 |
Tor may attempt to connect to any port that is advertised in the |
| 891 | 890 |
directory as an ORPort (for making Tor connections) or a DirPort (for |
| ... | ... |
@@ -894,7 +893,7 @@ executive |
| 894 | 893 |
ports too. |
| 895 | 894 |
</p> |
| 896 | 895 |
<p> |
| 897 |
- As a client: you could probably get away with opening only those four |
|
| 896 |
+ When using Tor as a client, you could probably get away with opening only those four |
|
| 898 | 897 |
ports. Since Tor does all its connections in the background, it will retry |
| 899 | 898 |
ones that fail, and hopefully you'll never have to know that it failed, as |
| 900 | 899 |
long as it finds a working one often enough. However, to get the most |
| ... | ... |
@@ -905,14 +904,6 @@ executive |
| 905 | 904 |
you want to explicitly tell your Tor client which ports are reachable |
| 906 | 905 |
for you. |
| 907 | 906 |
</p> |
| 908 |
- <p> |
|
| 909 |
- As a relay: you must allow outgoing connections to every other relay |
|
| 910 |
- and to anywhere your exit policy advertises that you allow. The |
|
| 911 |
- cleanest way to do that is simply to allow all outgoing connections |
|
| 912 |
- at your firewall. If you don't, clients will ask you to extend to |
|
| 913 |
- those relays, and those connections will fail, leading to complex |
|
| 914 |
- anonymity implications for the clients which we'd like to avoid. |
|
| 915 |
- </p> |
|
| 916 | 907 |
|
| 917 | 908 |
<hr> |
| 918 | 909 |
|
| ... | ... |
@@ -2334,7 +2325,7 @@ too. |
| 2334 | 2325 |
<hr> |
| 2335 | 2326 |
|
| 2336 | 2327 |
<a id="OutgoingFirewall"></a> |
| 2337 |
- <h3><a class="anchor" href="#BandwidthShaping">How should I configure |
|
| 2328 |
+ <h3><a class="anchor" href="#OutgoingFirewall">How should I configure |
|
| 2338 | 2329 |
my outgoing filters?</a></h3> |
| 2339 | 2330 |
|
| 2340 | 2331 |
<p> |