On 18 Dec 2017, at 02:45, Logforme m7527@abc.se wrote:
My relay ran out of connections once and also crashed once, so I followed the suggestions in the "DoS attacks are real (probably)" thread and implemented connection limits in my firewall. Everything has run smoothly since.
My only concern is how low I can set the number of connections per IP address. Someone wrote a legit client will only open max 2 TCP connections. I'd like this verified before I lower my limits further.
A standard Tor client will only open one connection to each guard.
But please don't assume there is only one client per IPv4 address. Many networks and even entire countries have a very small IPv4 address allocation. If you restrict it to one connection per IP address, you will be restricting some of the people who need Tor the most. And you will push the load onto a smaller set of guards.
Using 256 per IP is probably reasonable.
If we manage to fix some bugs in the socket limits in Tor, we can activate them only when the relay is under heavy load, which is even better.
T
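
One way to check what a per-IP limit would do before lowering it, given the point in the reply above about many clients sharing one IPv4 address. This is an added example, not part of the original thread or of Tor; the ORPort 9001, the function names and the sample `ss -tn` lines are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tn state established`.
# All addresses are from documentation ranges; 9001 is an assumed ORPort.
SAMPLE = """\
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.0.2.10:9001 198.51.100.7:40112
0 0 192.0.2.10:9001 198.51.100.7:40113
0 0 192.0.2.10:9001 198.51.100.7:40250
0 0 192.0.2.10:9001 203.0.113.5:51000
0 0 192.0.2.10:22 203.0.113.5:51022
0 0 [2001:db8::10]:9001 [2001:db8:1::9]:33000
"""

def split_hostport(field):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def peers_on_port(ss_text, or_port):
    """Count established connections per peer IP to the given local port."""
    counts = Counter()
    for line in ss_text.splitlines():
        cols = line.split()
        # Skip the header and blank lines: last column must end in a port.
        if len(cols) < 4 or not cols[-1].rpartition(":")[2].isdigit():
            continue
        _, local_port = split_hostport(cols[-2])
        peer_ip, _ = split_hostport(cols[-1])
        if local_port == or_port:
            counts[peer_ip] += 1
    return counts

def impact(counts, limit):
    """Return (peer IPs over the limit, connections the limit would refuse)."""
    over = {ip: n for ip, n in counts.items() if n > limit}
    refused = sum(n - limit for n in over.values())
    return len(over), refused

if __name__ == "__main__":
    counts = peers_on_port(SAMPLE, 9001)
    for limit in (1, 2, 256):
        hit, refused = impact(counts, limit)
        print(f"limit {limit:>3}: {hit} peer IPs over, {refused} connections refused")
```

Feeding it the relay's own connection table shows how many source addresses already hold more connections than a candidate limit, which is the population a lower limit would cut off.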