Problems connecting with ejabberd behind tor

Marco · August 18, 2022, 1:44pm

I setted up my Freedombox on a Raspberry Pi 3 Model B for the second time today.
The initial network configuration was: Freedombox connected to a router, Router is currently unconfigured, I do not know the type of connection my ISP provides. This because I want all services of my Freedombox only over tor.

After the first update I installed first tor and then ejabberd.
Then I created a user called “test” under User and Groups without any permissions (there is no ejabberd permission on that page).

After that I used Gajim to connect to my ejabberd server, with the following parameters:

test@dop1lsmxnz9dkepajgbs8ckemcnslrp1ps9ckdmzlayurbiwur0vbajs.onion

Advanced Settings->Login

Proxy:
I created a proxy called Tor with SOCKS5 127.0.0.1 9050 no proxy authentication.

(I have tor installed on my client that respond on port 9050)
$ sudo ss -tulpn | grep 9050 tcp LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:* users:((“tor”,pid=1046,fd=6))

Hostname: dop1lsmxnz9dkepajgbs8ckemcnslrp1ps9ckdmzlayurbiwur0vbajs.onion
Port: 5222
Type: START TLS

But when I press Login I have a error of connection failed. Can’t reach the server.
I also tryed with Conversations on my Android but same. It seems the server is not reachable.
I am not so expert about tor so I need a hand.

Thank you.

BluishHumility · August 18, 2022, 1:59pm

You will need to do some configuration in your router, to get that traffic forwarded to the FreedomBox.

The easiest way to set this up is to put add the FreedomBox into the DMZ, if your router offers that option. This allows all traffic to be forwarded to the FreedomBox (FreedomBox uses firewalld and fail2ban to defend itself against malicious traffic). Another option is to set up port forwarding rules for just the needed ports.

The other consideration is your router may have its own firewall, for which the custom ports you have set up need to be open.

Marco · August 18, 2022, 3:18pm

Thank you for your fast reply.

I configured port forwarding on my router with the following ports:
5222
5269
5280
9001
39959
39589

Then I changed the network on my FB:
Connected to a router, Forward specific traffic as needed by each application, I do not know the type of connection my ISP provides.

Then I tryed but the error still persist, cannot reach the server.

Why with tor I have to do port forwarding? I thought there’s no need to do port forwarding with tor.

Thank you.