|
[[TOC(noheading)]]
|
|
[[TOC(noheading)]]
|
|
|
|
|
|
= Running an obfsproxy bridge on port X =
|
|
# Running an obfsproxy bridge on port X
|
|
First, find out which port obfs3 is currently listening on by looking at Tor's log. For the
|
|
First, find out which port obfs3 is currently listening on by looking at Tor's log. For the
|
|
examples below, obfs3 is running on port 59003 and our IP address is 203.0.113.1.
|
|
examples below, obfs3 is running on port 59003 and our IP address is 203.0.113.1.
|
|
|
|
|
|
== Example torrc ==
|
|
## Example torrc
|
|
{{{
|
|
```
|
|
DataDirectory /path/to/tor_data # location to store runtime data
|
|
DataDirectory /path/to/tor_data # location to store runtime data
|
|
Log notice file /path/to/tor_log # location to log notices, warnings, and errors
|
|
Log notice file /path/to/tor_log # location to log notices, warnings, and errors
|
|
RunAsDaemon 1 # runs as a background process
|
|
RunAsDaemon 1 # runs as a background process
|
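Review bot: The `[[TOC(noheading)]]` line at the top of this hunk is carried over unchanged on the new side, while the headings and `{{{` blocks around it are converted to Markdown. A Trac macro will most likely be shown as literal text by a Markdown renderer, so replace it with the target wiki's own table-of-contents syntax or drop the line.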
... | @@ -18,35 +18,35 @@ BridgeRelay 1 # be a bridge |
... | @@ -18,35 +18,35 @@ BridgeRelay 1 # be a bridge |
|
Nickname $RELAYNAME # name for this relay
|
|
Nickname $RELAYNAME # name for this relay
|
|
SocksPort 0 # prevents tor from being used as a client
|
|
SocksPort 0 # prevents tor from being used as a client
|
|
ExitPolicy reject *:* # prevents us from connecting to non-relays
|
|
ExitPolicy reject *:* # prevents us from connecting to non-relays
|
|
}}}
|
|
```
|
|
|
|
|
|
== Example log output ==
|
|
## Example log output
|
|
{{{
|
|
```
|
|
[notice] Registered server transport 'obfs3' at '0.0.0.0:59003'
|
|
[notice] Registered server transport 'obfs3' at '0.0.0.0:59003'
|
|
}}}
|
|
```
|
|
|
|
|
|
== iptables rules ==
|
|
## iptables rules
|
|
Mirror on port 80:
|
|
Mirror on port 80:
|
|
{{{
|
|
```
|
|
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 203.0.113.1:59003
|
|
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 203.0.113.1:59003
|
|
}}}
|
|
```
|
|
|
|
|
|
Mirror on port 443:
|
|
Mirror on port 443:
|
|
{{{
|
|
```
|
|
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.1:59003
|
|
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.1:59003
|
|
}}}
|
|
```
|
|
|
|
|
|
== PF rules ==
|
|
## PF rules
|
|
For this example, our interface is msk0.
|
|
For this example, our interface is msk0.
|
|
|
|
|
|
Mirror on port 80:
|
|
Mirror on port 80:
|
|
{{{
|
|
```
|
|
pass in on msk0 proto tcp from any to 203.0.113.1 port 80 \
|
|
pass in on msk0 proto tcp from any to 203.0.113.1 port 80 \
|
|
rdr-to 203.0.113.1 port 59003
|
|
rdr-to 203.0.113.1 port 59003
|
|
}}}
|
|
```
|
|
|
|
|
|
Mirror on port 443:
|
|
Mirror on port 443:
|
|
{{{
|
|
```
|
|
pass in on msk0 proto tcp from any to 203.0.113.1 port 443 \
|
|
pass in on msk0 proto tcp from any to 203.0.113.1 port 443 \
|
|
rdr-to 203.0.113.1 port 59003
|
|
rdr-to 203.0.113.1 port 59003
|
|
}}} |
|
``` |
|
\ No newline at end of file |
|
\ No newline at end of file |
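Review bot: The four redirect rules in this hunk hard-code `203.0.113.1:59003`, but the introduction says that port is found by reading Tor's log, and none of the torrc lines visible in this diff fix it. If the listen port is not pinned in the elided part of the torrc (Tor's `ServerTransportListenAddr` option does this), the rules will point at a closed port whenever obfs3 comes up on a different one, so the page should say that next to the rules. The iptables lines are also in `iptables-save` form (`-A PREROUTING ... -j DNAT`) without naming the table; add a sentence stating that they belong to the nat table.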