[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)



> Date: Sat, 4 Jul 2015 19:34:45 -0400
> From: Ben Serebin <ben@xxxxxxxxxxxxxxxxx>
> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
> 
> ?I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
> 
> - Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!

I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform.

Currently, it looks like 90% of the Tor relays are Linux, by count of relays.
(I believe the weighted bandwidth statistic is much higher than 90%.)
https://metrics.torproject.org/platforms.html

One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay.

That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.

> - change the architecture so running behind nat works (this is probably the #1 limit factor for increasing relays). Every tom, dick, and harry could then add bandwidth via every internet circuit. It would be insane!

Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes.

There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP.
It can be configured via the torrc option:
PortForwarding 1

Or, you can configure your NAT box to forward ports yourself.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays