Limit the local port range the onion service can bind to #2856

Open
nyxnor opened this issue Sep 26, 2024 · 0 comments

nyxnor commented Sep 26, 2024

Thanks to @alvasw and the Bisq2 team, v2.1.0 is working on Whonix 17.

Limiting the port range the onion service can bind to locally. This is especially useful when using Whonix.

Currently, it recommends opening all ports in the firewall of the Workstation to be externally reachable via EXTERNAL_OPEN_ALL=true. That is not great.

It would be better to use the same method OnionShare uses: port ranges, trying different ones until it finds an unused port, which would make for a better firewall with EXTERNAL_OPEN_PORTS+=" $(seq 17600 17659) ", with appropriate changes to the onion-grater profile (OnionShare example).

In other words, limit the localPort of:

String command = "ADD_ONION " + "ED25519-V3:" + base64SecretScalar + " Port=" + onionPort + "," + localPort + "\r\n";

to a range of possible ports and document it, so Whonix users can stay with a tight firewa...
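
A sketch of the port selection requested above, added here as an illustration and not taken from Bisq2 or OnionShare: it binds the first unused port in the 17600-17659 range from the issue and feeds it into the quoted ADD_ONION line. The class name, method names, loopback bind address, virtual port 80 and key placeholder are assumptions.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;

// Added illustration, not Bisq2 code. Class and method names are hypothetical.
public class OnionLocalPortRange {
    // Range taken from the issue's EXTERNAL_OPEN_PORTS example (seq 17600 17659).
    static final int FIRST_PORT = 17600;
    static final int LAST_PORT = 17659;

    /** Binds the first unused port in [first, last] and returns the open socket. */
    static ServerSocket bindInRange(InetAddress address, int first, int last) throws IOException {
        if (first < 1 || last > 65535 || first > last) {
            throw new IllegalArgumentException("invalid port range " + first + "-" + last);
        }
        IOException lastFailure = null;
        for (int port = first; port <= last; port++) {
            try {
                // Return the bound socket itself: probing, closing and re-binding
                // later would let another process take the port in between.
                return new ServerSocket(port, 50, address);
            } catch (IOException e) { // typically BindException: port already in use
                lastFailure = e;
            }
        }
        // Fail closed instead of falling back to a port the firewall does not allow.
        throw new IOException("no free port in " + first + "-" + last, lastFailure);
    }

    /** Same command layout as the line quoted in the issue. */
    static String addOnionCommand(String base64SecretScalar, int onionPort, int localPort) {
        return "ADD_ONION " + "ED25519-V3:" + base64SecretScalar
                + " Port=" + onionPort + "," + localPort + "\r\n";
    }

    public static void main(String[] args) throws IOException {
        // Loopback keeps the demo local; the listen address inside a Whonix
        // Workstation is deployment-specific and not stated in the issue.
        InetAddress address = InetAddress.getLoopbackAddress();
        // "occupied" simulates another service already holding the first free port,
        // so "server" lands on the next one in the range.
        try (ServerSocket occupied = bindInRange(address, FIRST_PORT, LAST_PORT);
             ServerSocket server = bindInRange(address, FIRST_PORT, LAST_PORT)) {
            System.out.println("occupied: " + occupied.getLocalPort());
            // Placeholder key material; virtual port 80 is a constructed value.
            System.out.print(addOnionCommand("<base64SecretScalar>", 80, server.getLocalPort()));
        }
    }
}
```

Throwing when the range is exhausted keeps the service from silently binding a port outside what EXTERNAL_OPEN_PORTS and the onion-grater profile permit.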
