Roger Dingledine committed on 2014-05-24 00:27:15
Showing 1 changed file with 18 additions and 17 deletions.
... | ... |
@@ -887,28 +887,29 @@ executive |
887 | 887 |
<p> |
888 | 888 |
Tor may attempt to connect to any port that is advertised in the |
889 | 889 |
directory as an ORPort (for making Tor connections) or a DirPort (for |
890 |
- fetching updates to the directory). There are a variety of these ports, |
|
891 |
- but many of them are running on 80, 443, 9001, and 9030. |
|
890 |
+ fetching updates to the directory). There are a variety of these ports: |
|
891 |
+ many of them are running on 80, 443, 9001, and 9030, but many use other |
|
892 |
+ ports too. |
|
892 | 893 |
</p> |
893 | 894 |
<p> |
894 |
- So as a client, you could probably get away with opening only those four |
|
895 |
+ As a client: you could probably get away with opening only those four |
|
895 | 896 |
ports. Since Tor does all its connections in the background, it will retry |
896 | 897 |
ones that fail, and hopefully you'll never have to know that it failed, as |
897 | 898 |
long as it finds a working one often enough. However, to get the most |
898 |
- diversity in your entry nodes -- and thus the most security -- as well as |
|
899 |
- the most robustness in your connectivity, you'll want to let it connect |
|
900 |
- to all of them. |
|
901 |
- </p> |
|
902 |
- <p> |
|
903 |
- If you really need to connect to only a small set of ports, see the FAQ |
|
904 |
- entry on <a href="#FirewallPorts">firewalled ports</a>. |
|
905 |
- </p> |
|
906 |
- <p> |
|
907 |
- Note that if you're running Tor as a relay, you must allow outgoing |
|
908 |
- connections to every other relay and to anywhere your exit policy |
|
909 |
- advertises that you allow. The cleanest way to do that is simply to allow |
|
910 |
- all outgoing connections at your firewall. If you don't, clients will try |
|
911 |
- to use these connections and things won't work. |
|
899 |
+ diversity in your entry nodes — and thus the most security |
|
900 |
+ — as well as the most robustness in your connectivity, you'll |
|
901 |
+ want to let it connect to all of them. |
|
902 |
+ See the FAQ entry on <a href="#FirewallPorts">firewalled ports</a> if |
|
903 |
+ you want to explicitly tell your Tor client which ports are reachable |
|
904 |
+ for you. |
|
905 |
+ </p> |
|
906 |
+ <p> |
|
907 |
+ As a relay: you must allow outgoing connections to every other relay |
|
908 |
+ and to anywhere your exit policy advertises that you allow. The |
|
909 |
+ cleanest way to do that is simply to allow all outgoing connections |
|
910 |
+ at your firewall. If you don't, clients will ask you to extend to |
|
911 |
+ those relays, and those connections will fail, leading to complex |
|
912 |
+ anonymity implications for the clients which we'd like to avoid. |
|
912 | 913 |
</p> |
913 | 914 |
|
914 | 915 |
<hr> |
915 | 916 |
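Review bot: In the rewritten relay paragraph (new lines 910-912), "those relays" has no clear antecedent, and the consequence sentence now covers only failed extends, so the case of destinations that the exit policy advertises but the firewall blocks is no longer explained. Consider wording such as "If you don't, clients will ask you to extend to relays you cannot reach" and adding a clause on what happens to exit connections that the firewall drops. The phrase "complex anonymity implications" also gives the relay operator nothing concrete to act on; a short statement of the effect or a link to an FAQ entry that explains it would help. A smaller point on new lines 890-895: the first paragraph now ends with "many use other ports too" and the next still says opening "only those four ports" will probably work, so a brief note that relays on other ports are simply unreachable in that setup would tie the two together.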