[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
From: teor <teor2345@xxxxxxxxx>
Date: Sun, 5 Jul 2015 11:43:48 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 04 Jul 2015 21:44:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=/WsovjUG44QMa2ZQ+1dX4HxAjZljTUhIMLPZhMQxODI=; b=c5KrLIcMcS4ofIR1AjbkK2F+rWl2YbXwPWb8kMfy9ZBVtcF17bcqqKbsJJdXt9wrLr GDkWcJhtvHFPCqi1idj59WWwKxGCsPURGrk2fHDpPeM1mI1QaYdxroNbXmWwsjZDWLlA Miwc1/kvUW2I7TzWRCM4knCzFSnCYpP2E0BPrgDZB7N9OdZAY37qQK+g071b1jfixE9t A8nIaWVNXdRbzPtLQF136CAYsDDzhmDeCtkmF9CF9rzTgPbPpiJWbWMGwyUlqlns8pfz 5RFBAIhyLoYbX4rZuIt9ydppP/U9k3F4C3A8d2uN9pXsy/YVzhlw5sVN7WbyQd81Crji jCzQ==
In-reply-to: <26CB7816-2E9A-4777-B82E-37E2B76CEE78@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <mailman.1324.1436057012.2723.tor-relays@xxxxxxxxxxxxxxxxxxxx> <26CB7816-2E9A-4777-B82E-37E2B76CEE78@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 5 Jul 2015, at 11:37 , teor <teor2345@xxxxxxxxx> wrote:
> 
>> Date: Sat, 4 Jul 2015 19:34:45 -0400
>> From: Ben Serebin <ben@xxxxxxxxxxxxxxxxx>
>> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
>> 
>> ?I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
>> 
>> - Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!
> 
> I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform.
> 
> Currently, it looks like 90% of the Tor relays are Linux, by count of relays.
> (I believe the weighted bandwidth statistic is much higher than 90%.)
> https://metrics.torproject.org/platforms.html
> 
> One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay.
> 
> That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.
> 
>> - change the architecture so running behind nat works (this is probably the #1 limit factor for increasing relays). Every tom, dick, and harry could then add bandwidth via every internet circuit. It would be insane!
> 
> Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes.
> 
> There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP.
> It can be configured via the torrc option:
> PortForwarding 1
> 
> Or, you can configure your NAT box to forward ports yourself.

Don't use PortForwarding or src/tools/tor-fw-helper, just configure your NAT box to forward ports. It's much more reliable, and you can see exactly what's configured.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
  - From: teor

Prev by Author: [tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
Next by Author: Re: [tor-relays] Simplifying ExoneraTor
Previous by thread: [tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
Next by thread: [tor-relays] Question about responding to abuse request
Index(es):
- Author
- Thread