author | Nick Mathewson <nickm@torproject.org> | 2012-01-17 11:35:01 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-01-17 11:35:01 -0500 |
commit | 90744e95f4b49a4026126c3cdc99bdc85dc7abc3 (patch) | |
tree | 25e0993c9af711411fc9ffc536e59f93fcd98f7d /proposals/186-multiple-orports.txt | |
parent | f08a04058a93b2f0a44ba27b5a76ff05706a2089 (diff) | |
apply notes from karsten and roger to proposal 186
Diffstat (limited to 'proposals/186-multiple-orports.txt')
-rw-r--r-- | proposals/186-multiple-orports.txt | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/proposals/186-multiple-orports.txt b/proposals/186-multiple-orports.txt index 192d758..d76377d 100644 --- a/proposals/186-multiple-orports.txt +++ b/proposals/186-multiple-orports.txt @@ -64,9 +64,9 @@ Configuring additional addresses and ports: In current operating systems (unless we get into crazy nonportable tricks) we need to use one socket for every address:port that Tor - binds on. As a sanity check, we can limit the number of such - sockets we use to, say, 64. If you want to bind lots of - address:port combinations, you'll want to do it at the + binds on. As a sanity check, we can limit the number of such sockets + we use to, say, something between 8 and 64. If you want to bind lots + of address:port combinations, you'll want to do it at the firewall/routing level. Example: We want to bind on 0.0.0.0:9001 @@ -74,10 +74,10 @@ Configuring additional addresses and ports: ORPort 9001 Example: Our firewall is redirecting ports 80, 443, and 7000-8000 - on all hosts in 18.244.2.0/24 onto our port 2929. + on all hosts in 18.244.2.0 onto our port 2929. ORPort 2929 noadvertise - ORPort 18.244.2.0/24:80,443,7000-8000 nolisten + ORPort 18.244.2.0:80,443,7000-8000 nolisten Example: We have a dynamic DNS provider that maps tornode.example.com to our current external IPv4 and IPv6 @@ -98,8 +98,10 @@ Self-testing: combinations. It will now be possible for a Tor node to find that some addresses - work and others do not. In this case, the node should only - advertise ORPort lines that have been checked. + work and others do not. In this case, the node should only advertise + ORPort lines that have been checked. (As a consequence, the node + should not advertise any address unless at least one ORPort without + nolisten has been specified.) {Until support is added for extend cells to IPv6 addresses, it will only be possible to test IPv6 addresses by connecting |
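Review bot: In the first hunk (@@ -64,9 +64,9), the new wording "say, something between 8 and 64" leaves the socket limit less defined than the old "say, 64", and neither version says what a node does when the configured ORPort lines exceed it. Suggest picking one concrete default, stating whether it is configurable, and specifying the behaviour at the limit (reject the configuration, or bind the first N and warn), so that implementations do not diverge on how many listeners a relay may open.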
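Review bot: In the second hunk (@@ -74,10 +74,10), the prose still reads "on all hosts in 18.244.2.0" after the /24 was dropped, which no longer parses: a bare address is one host, not a set of hosts. Suggest rewording to something like "on 18.244.2.0" and, since an address ending in .0 still looks like a network address, using an unambiguous host address in both the sentence and the "ORPort 18.244.2.0:80,443,7000-8000 nolisten" line. If the intent is that ORPort never accepts a prefix length, the syntax section should say so explicitly, so that a parser rejects "addr/len" instead of guessing.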
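Review bot: In the third hunk (@@ -98,8 +98,10), the added parenthetical conditions advertising on an ORPort without nolisten having "been specified", while the sentence it follows conditions it on lines that "have been checked". A listener that is configured but fails to bind, or fails its self-test, satisfies the new wording while leaving nothing checked. Suggest tying the condition to a successfully bound and tested listener, and stating whether a configuration made up only of nolisten lines is rejected at parse time or merely never advertised.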