I’ve set up a new bridge and everything seems to be working well, but I have a question about something I saw while checking on ports and networking.
My configuration contains this:
BridgeRelay 1
PublishServerDescriptor bridge
AddressDisableIPv6 1
SocksPort 0
ORPort 2112 IPv4Only
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443
So Tor stuff happens on port 2112, and port 443 is where clients can connect (which as I understand it should make the bridge less noticeable).
I ran this to see what’s listening on the ports. Setting aside 22 for ssh and 53 for DNS, everything is Tor-related.
$ sudo netstat --numeric --tcp --program --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:37715 0.0.0.0:* LISTEN 18582/tor
tcp 0 0 0.0.0.0:2112 0.0.0.0:* LISTEN 18582/tor
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18766/sshd: /usr/sb
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 653/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 18766/sshd: /usr/sb
tcp6 0 0 :::443 :::* LISTEN 18583/obfs4proxy
obfs4proxy is listening on port 443: good. But notice port 37715. (This port is randomly chosen, I think, so someone else running this command would see a different number.) There are connections in and out of it:
$ sudo netstat --numeric --tcp --program | grep 37715
tcp 0 0 127.0.0.1:49388 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:58068 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:34540 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:37715 127.0.0.1:53494 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:36960 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:34540 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:49388 ESTABLISHED 18582/tor
The Tor server is listening on port 37715 and obfs4proxy is sending to the port, if I read that right. What’s happening? What is flowing where? Thanks for any explanation or pointers.
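Added example, not part of the original post: a short Python script that takes the ESTABLISHED lines from the second netstat run above and matches the two ends of each loopback connection to the listener on 37715, reporting which process holds each end. The function names are made up for this illustration.

```python
import re
from collections import defaultdict

# ESTABLISHED sockets touching port 37715, copied from the netstat output in the post.
NETSTAT = """\
tcp 0 0 127.0.0.1:49388 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:58068 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:34540 127.0.0.1:37715 ESTABLISHED 18583/obfs4proxy
tcp 0 0 127.0.0.1:37715 127.0.0.1:53494 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:36960 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:34540 ESTABLISHED 18582/tor
tcp 0 0 127.0.0.1:37715 127.0.0.1:49388 ESTABLISHED 18582/tor
"""

LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)"
                  r"\s+ESTABLISHED\s+\d+/(\S+)")

def parse(text):
    """Return (local, remote, program) for every ESTABLISHED TCP line."""
    socks = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            la, lp, ra, rp, prog = m.groups()
            socks.append(((la, int(lp)), (ra, int(rp)), prog))
    return socks

def pair_connections(socks, listen_port):
    """Match both ends of each connection to listen_port.

    Returns (paired, unpaired): paired holds (client_port, client_prog,
    server_prog); unpaired holds (client_port, side_seen, prog) for
    connections where netstat listed only one end.
    """
    conns = defaultdict(dict)  # client endpoint -> {"client"/"server": prog}
    for local, remote, prog in socks:
        if local[1] == listen_port:      # socket on the listening side
            conns[remote]["server"] = prog
        elif remote[1] == listen_port:   # socket on the connecting side
            conns[local]["client"] = prog
    paired, unpaired = [], []
    for (_, port), ends in sorted(conns.items(), key=lambda kv: kv[0][1]):
        if len(ends) == 2:
            paired.append((port, ends["client"], ends["server"]))
        else:
            side, prog = next(iter(ends.items()))
            unpaired.append((port, side, prog))
    return paired, unpaired

if __name__ == "__main__":
    for row in pair_connections(parse(NETSTAT), 37715):
        print(row)
```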