How to setup a snowflake proxy behind a restrictive NAT?

Hello,

I would like to install a snowflake proxy at home but there are some problems. All my servers are running behind a PfSense which is behind the ISP router. When I did the NAT behavior test, it was written " address and port dependent" in both mapping and filtering behavior.

I have a few questions about this problem :
1 - How to change the NAT behavior to be independent for a snowflake proxy ? I mean what do I need to do on my ISP router to change the behavior (open some ports ? put my linux in a DMZ ?)
1.2 - If you recommend to open ports, should I put my linux server behind my ISP router or behind my pfsense ? I will need to do more configuration if I choose the second choice.

2 - Is snowflake working with IPv6 ?

3 - Is the snowflake web extension affected by the restrictive NAT too ? I have installed it for one week, I didn’t have any clients connected on it. If I need to open ports to change the NAT behavior, I think that I won’t open ports for my computer.

4 - I have already a middle relay running at home, is it bad to have both on the same IP ? Snowflake proxy + middle relay

Thanks for your help, it will helps me to understand more how it works.

You shouldn’t run a relay and a bridge behind the same public ip. Your relay’s ip is public and everyone trying to censor tor will block it, so nobody trying to deal with censorship will be able to connect to your bridge.

3 Likes

You are right, I will try to avoid to host both on the same IP :+1: