Hello,
Thank you so much for your reply.
I have two questions:
1- So, can I change it to the IP address of my NIC?
2- In an internal network, is it possible to set up a Tor Bridge for testing on a client that has access to the Internet? For example, the IP address of the client is 172.21.2.3 and it has access to the Internet. Install a Tor bridge on this client and connect the rest of the clients in the internal network to this Tor bridge. Is this possible? Or must the computer on which the Tor bridge is started have a global IP address?
If by address of your NIC you mean your private address, don’t do that or else it won’t work. Just leave ORPort 0.0.0.0:443 as is or remove 0.0.0.0, tor will get your public IP. Except for IPv6; in that case you must specify your IPv6 address like this: ORPort [YourIPv6Address]:443.
It is mandatory to use IPv4, but enabling IPv6 is really important if you have that choice. If you have both IPv4 and IPv6 available, your config may look like this:
ORPort 443
ORPort [YourIPv6Address]:443
Please use ports of your choice, but as the other operator said, ports 80, 443 and 8080 are especially useful, as they are ports that are often open. I just set up a Guard/Middle relay with that piece of configuration and it is working great. Hopefully, it will work for bridges.
Hello,
Thank you so much for your reply.
So, can I change 0.0.0.0 to my public IP?
You said, if I remove 0.0.0.0, then Tor will get my public IP. Does that mean I just need to write :443?
There is no need to specify an IP address, as Cryptux said:
Explanation: If you specify your public IP address it will bind to it, and if it doesn’t match then your bridge won’t work. This is important because few people have a static IPv4 address - and if it is dynamic, when your router (or machine, in case you are running your bridge on a cloud service provider) reboots, it is likely to get a new IPv4 address.
TL;DR: Just leave your configuration as ORPort 443 or ORPort 0.0.0.0:443, whatever you like the most.
This will be a ‘secret’ bridge [PublishServerDescriptor 0] which you could send to frontdesk@torproject.org or distribute yourself. AssumeReachable 1 means there will be no reachability test in your log. I also allowed incoming traffic to port 8080 in my device firewall as well as the NAT firewall in my router. YMMV on the firewall rules.
1- If my server IP address is dynamic, then it is better to use 0.0.0.0 for both options because Tor automatically selects my IP address, and if my server IP address is static, then I can use my static IP address instead of 0.0.0.0. Am I right?
2- In the above two options, should both ports be the same?
Hello,
Thank you so much for your reply.
The ORPort is the port that accepts client connections and connections from other relays.
Why did @Quartermarsh use ORPort 127.0.0.1:auto? How can clients and other relays connect to 127.0.0.1?
So with your bridgeline specifying [your ip]:8080 etc. and ServerTransportListenAddr obfs4 0.0.0.0:8080 specified in your config then clients will connect on the port specified. Like this:
Aug 01 09:31:16.275 [notice] Opening Socks listener on 127.0.0.1:9050
Aug 01 09:31:16.276 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Aug 01 09:31:16.276 [notice] Opening Control listener on 127.0.0.1:9051
Aug 01 09:31:16.276 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
Aug 01 09:31:16.276 [notice] Opening OR listener on 127.0.0.1:0
Aug 01 09:31:16.276 [notice] OR listener listening on port 58225.
Aug 01 09:31:16.276 [notice] Opened OR listener connection (ready) on 127.0.0.1:58225
Aug 01 09:31:16.276 [notice] Opening Extended OR listener on 127.0.0.1:0
Aug 01 09:31:16.276 [notice] Extended OR listener listening on port 58226.
Aug 01 09:31:16.276 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:58226
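The listener forms that come up in this thread (ORPort 443, ORPort 0.0.0.0:443, ORPort [IPv6]:443, ORPort 127.0.0.1:auto, ServerTransportListenAddr obfs4 0.0.0.0:8080), classified by bind scope with Python's ipaddress module. This is an added example, not part of any post and not Tor's own code; the sample torrc is constructed, 2001:db8::1 is a documentation address standing in for [YourIPv6Address], and the scope labels are this example's own.

```python
import ipaddress
import re

# Constructed sample torrc built from the forms quoted in the thread.
SAMPLE_TORRC = """\
ORPort 443
ORPort 0.0.0.0:443
ORPort [2001:db8::1]:443   # placeholder for [YourIPv6Address]
ORPort 172.21.2.3:443
ORPort 127.0.0.1:auto
ServerTransportListenAddr obfs4 0.0.0.0:8080
"""

# Optional address (bare IPv4 or bracketed IPv6), then a port number or "auto".
_ADDR_PORT = re.compile(r"^(?:(\[[0-9A-Fa-f:.]+\]|[0-9.]+):)?(\d+|auto)$")

def classify_bind(value):
    """Return (scope, port) for 'port', 'addr:port' or '[v6]:port'."""
    m = _ADDR_PORT.match(value)
    if not m:
        raise ValueError(f"unrecognised listener value: {value!r}")
    addr, port = m.groups()
    if addr is None:
        return "all-interfaces", port        # no address given
    ip = ipaddress.ip_address(addr.strip("[]"))
    if ip.is_unspecified:
        return "all-interfaces", port        # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback-only", port         # reachable from this host only
    # Private, documentation and other reserved ranges are not global.
    return ("global" if ip.is_global else "not-global"), port

def audit(torrc_text):
    """Return (option, scope, port) for each listener line in a torrc."""
    findings = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments
        if len(parts) >= 2 and parts[0].lower() == "orport":
            findings.append((parts[0],) + classify_bind(parts[1]))
        elif len(parts) >= 3 and parts[0].lower() == "servertransportlistenaddr":
            label = f"{parts[0]} {parts[1]}"    # option plus transport name
            findings.append((label,) + classify_bind(parts[2]))
    return findings

if __name__ == "__main__":
    for option, scope, port in audit(SAMPLE_TORRC):
        print(f"{option:32} {scope:15} port {port}")
```
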