[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problem with new multiple-instance exit nodes never showing up in directory (cached consensus)

On 7/26/12, Name Withheld <survivd@xxxxxxxxx> wrote:
> Thank you for the response.  I'm assuming you're implying option A) (get
> the dirauth operators to increase the value) is not actually serious.
> Please correct me if I'm wrong (because I see know way of going about
> this).

It's not the easiest option, but it is possible.  If you can make a
convincing argument that whichever value you want them to set is still
low enough to not make serious attacks significantly easier, or that
raising the limit will let a significant amount of âgoodâ relay
capacity enter the network, the limit will probably be raised.

It might be even easier to persuade âenoughâ dirauth operators to try
raising the limit and see whether the result is âgoodâ or âbadâ in
various ways; if nothing especially bad happens after a week or two,
they'll probably change the default limit.

> For B), this is probably a total newbie question, since I've never had to
> run a program like this before.  If I can get a second IP from the ISP for
> the same physical server, is there a configuration option in Debian (or
> something in the torrc file) I'll need to set to get it to the additional
> tor daemons binding to the secondary address?

I have no idea how to configure your OS to allow you to use a second
IP address.  That sounds like a common task, though, so there must be
instructions for it somewhere.

To configure Tor to listen on a specific IP address: Use Tor 0.2.3.x
on the relay, specify an IP address on your ORPort torrc line, and if
Tor refuses to start, read and act on its log messages.  (Bonus points
for reading the log messages yourself instead of pasting them into
e-mail or IRC and waiting for someone else to echo them back to you.)

You might need to specify an IP address explicitly for all of the
relays (even the ones you want to listen on your server's default IP
address); being explicit about that certainly won't hurt anything on a
server with static IP addresses.  I recommend continuing to use a
different ORPort for each Tor instance, since some/many/most censoring
firewalls censor connections with different server ports in different

Robert Ransom
tor-talk mailing list