Re: [tor-relays] Tor Relay in Kubernetes cluster

Daniel Nikoloski

Hi Daniel

Not sure if that has already been answered. I don't use a Kubernetes cluster but I find this one interesting:

> Address
> ORPort 9001 NoAdvertise IPv4Only
> ORPort 32150 NoListen IPv4Only

I believe the Tor server service will publish port 32150 but it listens
on port 9001. It will not listen where foreign Tor clients speak.
Simply "ORPort 9001" could be enough if you bind Tor to the published


If you bind the Tor server service to an internal address
(10.x.x.x), i.e. for use in a container, NoAdvertise and NoListen can
be used to explain it to Tor:

ORPort 10.x.x.x:9001 NoAdvertise IPv4Only
ORPort NoListen IPv4Only

The firewall needs to forward the traffic from the external to
the internal addresses. In pf world:
rdr on $IFEXT inet proto tcp from any to port 32150 -> 10.x.x.x port 9001

Finally (in my setup) the outbound traffic needs NAT. In pf world:
nat on $IFEXT inet from 10.x.x.x to any ->
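
Added example, not part of the original post and not Tor's own code: a small Python check that reads the ORPort lines of a torrc, separates what Tor binds from what it publishes, and reports the port forward the firewall has to supply. The function names and the sample addresses (203.0.113.10, 10.0.0.5) are assumptions made for illustration; only numeric ports are handled, not `auto`.

```python
from dataclasses import dataclass

# ORPort flags this example understands
FLAGS = {"NoAdvertise", "NoListen", "IPv4Only", "IPv6Only"}

@dataclass(frozen=True)
class ORPort:
    addr: str          # "" when the line gives only a port
    port: int
    flags: frozenset

def parse_orports(torrc: str) -> list:
    """Return the ORPort entries found in a torrc text."""
    ports = []
    for raw in torrc.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0].lower() != "orport":
            continue
        addr, _, port = words[1].rpartition(":")
        flags = frozenset(words[2:])
        if flags - FLAGS:
            raise ValueError(f"unhandled flag in: {raw.strip()}")
        # A line that neither listens nor advertises does nothing
        if {"NoAdvertise", "NoListen"} <= flags:
            raise ValueError(f"NoAdvertise and NoListen together: {raw.strip()}")
        ports.append(ORPort(addr, int(port), flags))
    return ports

def required_forwards(torrc: str) -> list:
    """Advertised-only ports paired with the listen-only sockets behind them."""
    ports = parse_orports(torrc)
    listen = [p for p in ports if "NoListen" not in p.flags]
    advertise = [p for p in ports if "NoAdvertise" not in p.flags]
    hidden = [l for l in listen if "NoAdvertise" in l.flags]
    # Simplification: every advertised-only port maps to every hidden listener
    return [f"{a.addr or '*'}:{a.port} -> {l.addr or '*'}:{l.port}"
            for a in advertise if a not in listen for l in hidden]

# Constructed sample: documentation-range public address, private container address
SAMPLE = """
Address 203.0.113.10
ORPort 10.0.0.5:9001 NoAdvertise IPv4Only
ORPort 203.0.113.10:32150 NoListen IPv4Only
"""

if __name__ == "__main__":
    for rule in required_forwards(SAMPLE):
        print("firewall must forward", rule)
```

An empty result means Tor binds every port it publishes, so no redirect is needed.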