Hi, First, thanks for running a relay. Those settings do not ensure the EXIT traffic generated by your server goes via any proxy. OutboundBindAddress IP - this is the IP address Tor will use for outgoing connections. This is the IP address which will be seen by destinations accessed by Tor clients using your server, this is the IP address which will receive abuse complaints. HTTPSProxy service:port HTTPProxyAuthenticator name password These 2 settings refer for Tor usage as a CLIENT, not as a relay. This means that the proxy listed at HTTPSProxy will be used by your Tor to create its own circuits. They do not count for the relay usage. In simple words, if you use that Tor instance as a client (SocksPort 127.0.0.1:9050 or whatever) either locally on that VPS either via a SSH tunnel, and you build a circuit to connect to browse a website, Tor will connect to the Guard (1st relay in the hop) via the proxy at HTTPSProxy. But if I use your VPS as an exit in my circuit, the client functionality at your side has nothing to do with it, and I will just get the IP at OutboundBindAddress. What you are trying can be achieved via more complex upstream iptables rules, which will force all traffic going through a proxy. There is no torrc option for configuring a proxy for EXIT traffic. Also, an exit shouldn't only allow http/https traffic. I would go for the easy option here which is convincing your vps provider that: - your vps is not infected in any way and it only relays anonymous traffic for privacy concerned users, helping a global network of over 7000 volunteers - your vps is properly secured and uses up to date software and it is well protected from unauthorized authentications - you will keep the vps for as long as you can, and only the ip address of your vps will be affected, which is dedicated, their other customers will have no draw back of any kind - you will respond to all serious (non automated) abuse complaints send by authorities within 48 hours after they are forwarded to you. hope this helps, keep running exits! On 6/11/2016 1:49 PM, Dr Gerard Bulger wrote: > My tor exit node has been using a https proxy for a long time with great > success in that I have had no abuse complaints directed to me and my VPS > provider. Until recently. > > Traffic has increased as I made the bandwidth wider, which might be an > explanation. > > I am getting complaints directed to my actual IP. > It looks as if tor is sending data DIRECT and not obeying the lines > completely, all the time. TORRC > OutboundBindAddress IP (second IP of server) > HTTPSProxy service:port > HTTPProxyAuthenticator name password > When I took out the OutboundBindAddress I just got complaints directed to > the first IP. > > I assumed the lines FORCED proxy use. This might not be the case in higher > traffic? > > Gerry >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays