Hi, a couple of weeks ago the exitnode tory.uvt.nl started its first process TORy0. It runs on a dual quadcore with 8GB and has a 1 Gb/s connection to a Cisco, which has a 10 Gb/s path into AMS-IX. Each core is: processor : 7 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU E5335 @ 2.00GHz stepping : 11 cpu MHz : 2000.070 cache size : 4096 KB Currently the TORy1 to TORy3 instances are slowly speeding up. The machine runs Linux version 2.6.26-2-amd64 (Debian 2.6.26-24lenny1), currently without any of the high performance tuning that was discussed lately. Even iptables does its usual work. Olaf helped me with his /etc/tor/torrc setup, but I kludged a /etc/init.d/tor version with the objective that a reboot starts the TOR instances for all /etc/tor/tor*.cfg files while still allowing manual commands like sudo /usr/sbin/invoke-rc.d tor reload tor2 tor4 No doubt someone will do better, but I love the instances() procedure in general and the line base=${c##*/} in particular. I stole it from a colleague who really knows shell. Anyway, here it is. Have fun and send improvements. cheers, teun
#! /bin/sh # $Id$ # $URL$ ### BEGIN INIT INFO # Provides: tor # Required-Start: $local_fs $remote_fs $network $named $time # Required-Stop: $local_fs $remote_fs $network $named $time # Should-Start: $syslog # Should-Stop: $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Starts The Onion Router daemon processes # Description: Start The Onion Router, a TCP overlay # network client that provides anonymous # transport. ### END INIT INFO set -e PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=tor DESC='tor daemon' DAEMON=/usr/sbin/tor CONFIG=/etc/tor USER=debian-tor ARGS="" NICE="" test -x $DAEMON || exit 0 test -e $CONFIG || exit 0 mkdir -p -m 02700 /var/run/tor chown debian-tor:debian-tor /var/run/tor # Include tor defaults if available if [ -f /etc/default/tor ] then . /etc/default/tor fi command=$1 shift instances=$* instances() { case $instances in '') for c in $CONFIG/*.cfg do base=${c##*/} test -f "$c" && echo ${base%.cfg} done ;; *) echo "$instances" esac } start() { start-stop-daemon --start --quiet -oknodo --pidfile /var/run/tor/$1.pid --make-pidfile $NICE --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS } stop() { start-stop-daemon --stop --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS } reload() { start-stop-daemon --stop --signal 1 --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON -- -f $CONFIG/$1.cfg $ARGS } isrunning() { start-stop-daemon --stop --test --quiet --pidfile /var/run/tor/$1.pid --exec $DAEMON >/dev/null } case $command in start) if [ "$RUN_DAEMON" != "yes" ]; then echo "Not starting $DESC (Disabled in $DEFAULTSFILE)." exit 0 fi echo -n "Starting $DESC:" if ulimit -n 16000; then echo "." else echo ": needed ulimit but FAILED." exit 0 fi done=' (none)' for i in $(instances) do done=. start $i echo -n " $i" done echo $done ;; stop) echo -n "Stopping $DESC:" done=' (none)' for i in $(instances) do done=. stop $i echo -n " $i" done echo $done ;; reload|force-reload) # If the "reload" option is implemented, move the "force-reload" # option to the "reload" entry above. If not, "force-reload" is # just the same as "restart" except that it does nothing if the # daemon isn't already running. # check wether $DAEMON is running. If so, restart echo -n "(Force-)reloading $DESC:" done=' (none)' for i in $(instances) do if isrunning $i then done=. reload $i echo -n " $i" sleep 1 fi done echo $done ;; restart) echo -n "Restarting $DESC:" done=' (none)' for i in $(instances) do done=. echo -n " $i" if isrunning $i then stop $i sleep 1 fi start $i done echo $done ;; status) for i in $(instances) do if ! isrunning $i then exit 1 fi done exit 0 ;; *) echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 exit 1 ;; esac exit 0
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy0 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor0.pid Log notice file /var/log/tor/notices0.log DataDirectory /var/lib/tor/tor0 Address 137.56.163.64 OutboundBindAddress 137.56.163.64 ORPort 443 ORListenAddress 137.56.163.64:443 Dirport 80 DirListenAddress 137.56.163.64:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 #DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor #HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy1 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor1.pid Log notice file /var/log/tor/notices1.log DataDirectory /var/lib/tor/tor1 Address 137.56.163.64 OutboundBindAddress 137.56.163.64 ORPort 8080 ORListenAddress 137.56.163.64:8080 #Dirport 80 #DirListenAddress 137.56.163.64:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy2 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor2.pid Log notice file /var/log/tor/notices2.log DataDirectory /var/lib/tor/tor2 Address 137.56.163.46 OutboundBindAddress 137.56.163.46 ORPort 443 ORListenAddress 137.56.163.46:443 Dirport 80 DirListenAddress 137.56.163.46:80
SocksPort 0 SocksListenAddress 127.0.0.1 RunAsDaemon 1 #DirPortFrontPage /etc/tor/tor-exit-notice.html User debian-tor #HidServDirectoryV2 1 ContactInfo teun NumCpus 2 MaxOnionsPending 250 DownloadExtraInfo 1 RefuseUnknownExits 1 ClientDNSRejectInternalAddresses 1 #ExitPolicy reject *:* ExitPolicy reject 0.0.0.0/8:* ExitPolicy reject 169.254.0.0/16:* ExitPolicy reject 127.0.0.0/8:* ExitPolicy reject 192.168.0.0/16:* ExitPolicy reject 10.0.0.0/8:* ExitPolicy reject 172.16.0.0/12:* ExitPolicy reject *:25 ExitPolicy reject *:119 ExitPolicy reject *:135-139 ExitPolicy reject *:445 ExitPolicy reject *:465 ExitPolicy reject *:563 ExitPolicy reject *:587 ExitPolicy reject *:1214 ExitPolicy reject *:4661-4666 ExitPolicy reject *:6346-6429 ExitPolicy reject *:6660-6999 ExitPolicy accept *:* MyFamily $1E421969478A499B92682B2DA5075A0B89455C35,$753E0B5922E34BF98F0D21CC08EA7D1ADEEE2F6B,$6C2CB8D6084AD33DDCF641B85B6E187B99651A1A Nickname TORy3 RelayBandwidthRate 11000 KBytes RelayBandwidthBurst 12000 KBytes PidFile /var/run/tor/tor3.pid Log notice file /var/log/tor/notices3.log DataDirectory /var/lib/tor/tor3 Address 137.56.163.46 OutboundBindAddress 137.56.163.46 ORPort 8080 ORListenAddress 137.56.163.46:8080 #Dirport 80 #DirListenAddress 137.56.163.46:80
Attachment:
signature.asc
Description: OpenPGP digital signature