Hi,
a couple of weeks ago the exitnode tory.uvt.nl started its first process
TORy0. It runs on a dual quadcore with 8GB and has a 1 Gb/s connection to a
Cisco, which has a 10 Gb/s path into AMS-IX. Each core is:
processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5335 @ 2.00GHz
stepping : 11
cpu MHz : 2000.070
cache size : 4096 KB
Currently the TORy1 to TORy3 instances are slowly speeding up. The machine
runs Linux version 2.6.26-2-amd64 (Debian 2.6.26-24lenny1), currently without
any of the high performance tuning that was discussed lately. Even iptables
does its usual work.
Olaf helped me with his /etc/tor/torrc setup, but I kludged a /etc/init.d/tor
version with the objective that a reboot starts the TOR instances for all
/etc/tor/tor*.cfg files while still allowing manual commands like
sudo /usr/sbin/invoke-rc.d tor reload tor2 tor4
No doubt someone will do better, but I love the instances() procedure in
general and the line base=${c##*/} in particular. I stole it from a colleague
who really knows shell.
Anyway, here it is. Have fun and send improvements.
cheers,
teun
#! /bin/sh
# $Id$
# $URL$
### BEGIN INIT INFO
# Provides: tor
# Required-Start: $local_fs $remote_fs $network $named $time
# Required-Stop: $local_fs $remote_fs $network $named $time
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description: Start The Onion Router, a TCP overlay
# network client that provides anonymous
# transport.
### END INIT INFO
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=tor
DESC='tor daemon'
DAEMON=/usr/sbin/tor
CONFIG=/etc/tor
USER=debian-tor
ARGS=""
NICE=""
test -x $DAEMON || exit 0
test -e $CONFIG || exit 0
mkdir -p -m 02700 /var/run/tor
chown debian-tor:debian-tor /var/run/tor
# Include tor defaults if available
if [ -f /etc/default/tor ]
then
. /etc/default/tor
fi
command=$1
shift
instances=$*
instances() {
case $instances in '')
for c in $CONFIG/*.cfg
do
base=${c##*/}
test -f "$c" && echo ${base%.cfg}
done
;; *)
echo "$instances"
esac
}
start() {
start-stop-daemon --start --quiet -oknodo --pidfile /var/run/tor/$1.pid --make-pidfile $NICE --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS
}
stop() {
start-stop-daemon --stop --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS
}
reload() {
start-stop-daemon --stop --signal 1 --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS
}
isrunning() {
start-stop-daemon --stop --test --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON >/dev/null
}
case $command in
start)
if [ "$RUN_DAEMON" != "yes" ]; then
echo "Not starting $DESC (Disabled in $DEFAULTSFILE)."
exit 0
fi
echo -n "Starting $DESC:"
if ulimit -n 16000; then
echo "."
else
echo ": needed ulimit but FAILED."
exit 0
fi
done=' (none)'
for i in $(instances)
do
done=.
start $i
echo -n " $i"
done
echo $done
;;
stop)
echo -n "Stopping $DESC:"
done=' (none)'
for i in $(instances)
do
done=.
stop $i
echo -n " $i"
done
echo $done
;;
reload|force-reload)
# If the "reload" option is implemented, move the "force-reload"
# option to the "reload" entry above. If not, "force-reload" is
# just the same as "restart" except that it does nothing if the
# daemon isn't already running.
# check wether $DAEMON is running. If so, restart
echo -n "(Force-)reloading $DESC:"
done=' (none)'
for i in $(instances)
do
if isrunning $i
then
done=.
reload $i
echo -n " $i"
sleep 1
fi
done
echo $done
;;
restart)
echo -n "Restarting $DESC:"
done=' (none)'
for i in $(instances)
do
done=.
echo -n " $i"
if isrunning $i
then
stop $i
sleep 1
fi
start $i
done
echo $done
;;
status)
for i in $(instances)
do
if ! isrunning $i
then
exit 1
fi
done
exit 0
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy0 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor0.pid Log notice file /var/log/tor/notices0.log DataDirectory /var/lib/tor/tor0 Address 137.56.163.64 OutboundBindAddress 137.56.163.64 ORPort 443 ORListenAddress 137.56.163.64:443 Dirport 80 DirListenAddress 137.56.163.64:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 #DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor #HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy1 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor1.pid Log notice file /var/log/tor/notices1.log DataDirectory /var/lib/tor/tor1 Address 137.56.163.64 OutboundBindAddress 137.56.163.64 ORPort 8080 ORListenAddress 137.56.163.64:8080 #Dirport 80 #DirListenAddress 137.56.163.64:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy2 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor2.pid Log notice file /var/log/tor/notices2.log DataDirectory /var/lib/tor/tor2 Address 137.56.163.46 OutboundBindAddress 137.56.163.46 ORPort 443 ORListenAddress 137.56.163.46:443 Dirport 80 DirListenAddress 137.56.163.46:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 #DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor #HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy3 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor3.pid Log notice file /var/log/tor/notices3.log DataDirectory /var/lib/tor/tor3 Address 137.56.163.46 OutboundBindAddress 137.56.163.46 ORPort 8080 ORListenAddress 137.56.163.46:8080 #Dirport 80 #DirListenAddress 137.56.163.46:80
Attachment:
signature.asc
Description: OpenPGP digital signature