[tor-relays] Re: Questions about running an exit relay

[forest-relay-contact--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.

tor＠rehcamp.de wrote:
> First of all: Is this already a bad idea? Do you seperate tor relays
> and personal infrastructure physically or in VMs instead of
> containers?

It really depends on your setup and what its primary purpose is. If you
are planning to run multiple high-capacity relays and that is the whole
purpose of your setup, then I wouldn't use containers due to incurred
overhead. But there's nothing fundamentally wrong with running one that
way. You don't even need to run it in a container: On Debian at least,
the daemon will run unprivileged and with an AppArmor sandbox.

> Now, as netcup is my provider and they seem to tolerate exit nodes, I
> am thinking about allowing exits. I assume this would increase
> visibility of my server and maybe attract more attention.

More than a decade ago, this might have been an issue back before Tor
was mainstream. Nowadays, most people who are likely to encounter your
IP, including IP reputation databases, know what Tor is. Thousands of
people around the world run exits, so it's not going to draw personal
attention, just automated attention (e.g. DMCA notices, but as you say,
Netcup is tolerant of that).

> Do you think this is a reason not to open the relay for exits?

No, it should be fine unless there are other circumstances in play where
you would want to hide the fact that the server is running an exit. If
all your other domains are personal use (i.e. there are no business
policies that are being violated if you run corporate infrastructure),
then there's no significant problem. That is, unless you run a
self-hosted mail server. In that case, outgoing emails will always get
marked as spam since they'll share the IP of an exit!

I'm not familiar with Netcup's policies (I don't use them because they
already make up a significant fraction of Tor's bandwidth), but you will
want to make sure that your data is backed up, just on the off chance
that the service is terminated for abuse.

> Do you think this would be needed/enough? In this case, I would
> restrict the relay to IPv6-only exits.

Relays can't be IPv6-only yet. Even if you can use IPv4 for your ORPort
and IPv6 for the actual exiting traffic, the ORPort is public. I think
there's really no need to do that. It might actually make things worse
if some site sees the IPv6 address and naïvely searches a database of
ORPorts, fails to find that IPv6 there (because you are only exposing an
IPv4 ORPort), and concludes that it's not an exit but is genuinely a
malicious host. If anything, you *want* the extra "attention" because it
screams "I am not in control of this traffic, I am just an exit relay".

All the usual exit relay caveats apply, of course, but so long as you
are running on a provider that is exit-friendly and you don't care about
the reputation of that IP address (which is only really relevant if you
are self-hosting a mail server there), it sholud be completely fine to
run an exit relay. But please remember to either use Netcup's own DNS
server (if it has one) or a DoT/DoH server, not unencrypted 8.8.8.8. I
personally run my own local recursive DNS resolver (Unbound), but that
requires a second IPv4 address and you only have one. I'd be happy to
open it up over DoT so you can use it. It uses DNSSEC so it doesn't have
to be trusted.

And thank you for considering to run an exit!

Regards,
forest
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQtr8ZXhq/o01Qf/pow+TRLM+X4xgUCaVXTVwAKCRAw+TRLM+X4
xmgwAP4t1PxAaHrnxdYgFRHsyEqQjOU7FR/ouhU3S3Ny2rmYMQEAt/aKm1jnG/F5
EuveOiggDibQeUFy1o8lfqVqwQ2fagA=
=uUpH
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx