Hacker News Re-Imagined

Expose server behind NAT with Tor

  • 85 points
  • 14 days ago

  • @marcodiego
  • Created a post


@unstatusthequo 13 days

Replying to @marcodiego 🎙

How about ngrok? Works great.


@geoffeg 13 days

Replying to @marcodiego 🎙

Another option is a VPN-as-a-service solution like Tailscale. Tailscale does a lot of work to get around NAT and has some great articles on their blog about it. https://tailscale.com/blog/how-nat-traversal-works/


@superkuh 13 days

Replying to @marcodiego 🎙

Every single Tor .onion URL in this article no longer works in Tor clients. Why? Because the Tor Project decided to throw away 15 years of communities and interlinking and search indices just to make sure people don't accidentally use Tor v2 (which is still more secure than the clear web) and force them to use the far more secure Tor v3 (an entirely new network). They did this in Oct/Nov 2021 after a couple years of warning of deprecation (not deletion).

Reply
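An added example, not part of the thread or of any comment in it: a small Python checker that separates v2 onion hostnames (16 base32 characters, the kind the comment above says no longer resolve) from v3 ones (56 characters carrying a checksum and version byte), which is handy when auditing an old link list. The sample key and hostnames are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re

ONION_RE = re.compile(r"\b[a-z0-9]+\.onion\b", re.IGNORECASE)
BASE32_RE = re.compile(r"[a-z2-7]+")


def v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion hostname."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def classify(host: str) -> str:
    """Return 'v2', 'v3' or 'invalid' for an onion hostname."""
    # Keep only the label directly in front of ".onion" (drops subdomains).
    label = host.lower().rsplit(".onion", 1)[0].split(".")[-1]
    if not BASE32_RE.fullmatch(label):
        return "invalid"
    if len(label) == 16:  # v2: 80-bit truncated SHA-1 of an RSA key
        return "v2"
    if len(label) != 56:
        return "invalid"
    raw = base64.b32decode(label.upper())  # 35 bytes: pubkey | checksum | version
    # Re-encoding the embedded key must reproduce the label exactly,
    # which verifies both the checksum and the version byte.
    ok = raw[34] == 3 and v3_address(raw[:32]) == label + ".onion"
    return "v3" if ok else "invalid"


def audit(text: str) -> dict:
    """Map every onion hostname found in text to its classification."""
    return {m.group(0).lower(): classify(m.group(0)) for m in ONION_RE.finditer(text)}


if __name__ == "__main__":
    # Constructed sample: a fake 32-byte key and a made-up v2-length label.
    sample_v3 = v3_address(bytes(range(32)))
    page = f"old: http://abcdefghijklmnop.onion/ new: http://{sample_v3}/"
    for host, kind in audit(page).items():
        print(f"{kind:8} {host}")
```
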


@goodpoint 12 days

Replying to @marcodiego 🎙

The non-anonymous / single-hop mode makes the onion service faster:

https://blog.torproject.org/whats-new-tor-0298/


@neilalexander 13 days

Replying to @marcodiego 🎙

The main downside to this is that performance will generally be quite bad. Tor trades performance for anonymity. Unless you specifically need anonymity — which is highly unlikely when you are just trying to reach back to a host of your own behind a NAT — there probably isn't any benefit in using Tor.


@throwaway_moon 13 days

Replying to @marcodiego 🎙

Another benefit is that Tor has built-in load balancing and failover.

You can use it with onionbalance.


@anderspitman 13 days

Replying to @marcodiego 🎙

There are essentially 3 ways proxy tunneling like this is done:

1. The Tor method mentioned in this article - Will probably be the worst performance but it's free and offers some privacy features.

2. VPN - WireGuard (Tailscale is popular), OpenVPN, IPsec etc. Best performance, but requires some low-level configuration on both the client and server. You'll probably need admin privileges on the client to configure network interfaces. This is usually automated in practice. If you're on a network that blocks UDP, that can also be an issue. You also need a server with a public IP, which generally you'll have to pay for.

3. User-space tunnels - Solutions like SSH remote port forwarding, ngrok, etc. Convenient because on the client you don't need elevated privileges. Performance will likely be somewhere between Tor and VPN. Although note that unless you have very fast internet upload speeds, tunnel performance isn't likely to be your bottleneck. Many solutions multiplex over a single TCP connection, which can cause issues in lossy network conditions due to head-of-line blocking. You need a server with a public IP just like with a VPN.

I maintain a list of proxy tunneling solutions here:

https://github.com/anderspitman/awesome-tunneling


@_wldu 13 days

Replying to @marcodiego 🎙

If you use Tor, you should stop. I believe that it is mostly used by criminals and that it is largely run by law enforcement agencies. I cannot prove this but I believe it is true. Simply using it makes you suspect.

Also, if you have a need to use Tor for work purposes, get written permission from your senior management and describe exactly what you will do while using Tor (scan our hosts externally, test our firewall rules, find exposed services or mis-configured systems, etc.).

If your goal is to be anonymous while surfing the Internet, find some other way, but stop using Tor for that.


@kevin_nisbet 13 days

Replying to @marcodiego 🎙

For some reason I'm under the impression that onion services were discoverable, or partially discoverable by relay operators, or some such. It's been quite a while though and I think there was some talk of changing that.

Does anyone know if that has changed? Last time someone suggested it to me, which was several years ago, it didn't seem to have the security properties the person suggesting the approach thought it had, specifically that Tor was adding security via the onion service.

Anyone have up-to-date information?
