Re: Best Hardware for TOR server..
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Best Hardware for TOR server..
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Fri, 14 Dec 2007 17:33:36 -0800
- In-reply-to: <47629CA8.2070504@xxxxxxxxxxx>
- References: <735271.91850.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <47629CA8.2070504@xxxxxxxxxxx>
Michael Holstein wrote:
(snip)
>> all behind a Linksys Firewall Router.
>
> This will be a problem. Cheap-o routers don't have enough memory to
> manage huge state tables. You'd be better off getting a second NIC card
> for the PC and just using the server to firewall/NAT your LAN, in
> addition to running TOR. If that scares you, just re-use an old PC and
> run Smoothwall on it (or any of the other many "appliance" distros that
> do this).
>
As long as the bandwidth you're passing through is relatively low, you
might get by with a custom firmware which lets you increase the size of
the conntrack state table.
Mine's a Linksys WRT54G v4, running HyperWRT+Thibor; I upped it to the
max allowed (8192 connections, 600 second timeout) without any problems
(and there are three machines behind it, one of them running virtual
machines).
Two caveats:
1.) The Linksys WRT54G v4 was the revision of that model with the most
CPU and RAM, others had less;
2.) If you're running a high-bandwidth node - and if you're not, it'd be
a waste of that nice shiny box of yours (unless you have it do other
things) - I doubt 8192 connections would do it, and you probably should
take Mr. Holstein's suggestion.
>> My service provider will most likely be Comcast cable broadband.
>>
>
> YMMV, but Comcrap will axe you if they know you're running servers, and
> they WILL know that if you decide to run an exit, because they'll get
> lots of complaints about it. I lost count of the number of complaints
> mine generated, but I still have copies of the various subpoenas I got (*).
(snip)
That sucks. What about if he runs a middleman node?
--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
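As an added example that is not part of this thread or of anything posted to or-talk: a POSIX shell check that applies the 8192-entry / 600-second setting quoted above to an assumed connection load, and reads the kernel's live counters on a Linux host that does its own NAT (the second-NIC setup Mr. Holstein suggests). The occupancy model and the sample loads are assumptions, not figures from the thread.

```sh
# conntrack_headroom MAX TIMEOUT_SECS CONCURRENT NEW_FLOWS_PER_SEC
# Rough upper bound on state-table occupancy: every open connection holds one
# entry, and each flow that ends keeps its entry for up to TIMEOUT_SECS
# afterwards (normally closed TCP flows usually expire sooner, so this
# overestimates). Assumed model, not a figure from the thread. Prints a
# verdict; returns 1 if the table would overflow, 2 on bad input.
conntrack_headroom() {
    max=$1; timeout=$2; concurrent=$3; rate=$4
    [ "$max" -gt 0 ] 2>/dev/null || { echo "bad max: $max"; return 2; }
    need=$((concurrent + rate * timeout))
    pct=$((need * 100 / max))
    if [ "$need" -gt "$max" ]; then
        echo "EXHAUSTED need=$need max=$max util=${pct}%"
        return 1
    fi
    echo "OK need=$need max=$max util=${pct}%"
}

# live_utilization: on a Linux box doing the NAT itself, read the kernel's
# own conntrack counters; returns 2 on hosts without them.
live_utilization() {
    dir=/proc/sys/net/netfilter
    [ -r "$dir/nf_conntrack_count" ] || { echo "no conntrack counters on this host"; return 2; }
    cnt=$(cat "$dir/nf_conntrack_count"); max=$(cat "$dir/nf_conntrack_max")
    echo "live: $cnt / $max entries ($((cnt * 100 / max))%)"
}

# Constructed sample loads against the WRT54G setting quoted in the thread:
# a quiet middleman-sized load, then a busy node.
conntrack_headroom 8192 600 200 2 || echo "(would overflow)"
conntrack_headroom 8192 600 2000 20 || echo "(would overflow: time for a real firewall box)"
live_utilization || :
```

Run it on the relay host itself to compare the modelled need against what the kernel is actually tracking; a util figure creeping toward 100% is the point at which new connections start being dropped silently.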