Thanks for the clarification. I will try LimitNOFILE = 6000. If that crashes my NAT box, I'm going to run a bridge.
On 03.02.2018 at 12:38, teor wrote:
On 3 Feb 2018, at 22:33, Moritz Kammerer kammerer.moritz@gmail.com wrote:
Hi,
I'm running a Tor relay on a Raspberry 2 behind a router using port forward. Relay bandwidth is set to 1 MByte / second. Tor is accepting so many connections that my Raspi can't keep up and my router is getting very slow (I assume because of a crappy NAT implementation). Bandwidth is not an issue, it's the open connection count.
There is some extra client load on the network. This means that most relays are connecting to every other relay.
Is there a way to limit the maximum number of connections? I tried to apply a ulimit on open files via systemd, but Tor is then showing a warning.
systemd LimitNOFILE is a supported way to adjust Tor's file descriptor limit.
What was the limit? 1000? What was the warning?
At the moment I run an iptables rule which restricts the connection count to port 9001 (OR port) to 1000. But I'm not sure how this will affect the relay, for example Tor Metrics is showing the relay as offline.
If the warning said something like: "You need to have at least 6000 file descriptors to be a good relay" then what it said was true. Each relay needs to be able to connect to every other relay.
If other relays can't connect to your relay, it will be marked as down.
Try running a bridge, or getting a better NAT box.
T
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
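
A way to confirm which descriptor limit a running process actually received after LimitNOFILE is set in systemd, as an added example that is not part of the original thread: it parses the `Max open files` row of a `/proc/<pid>/limits` file and compares the soft limit with a required value (6000 here, the figure mentioned in the reply). The function names and the sample limits text are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data are constructed for illustration.

# Constructed sample in /proc/<pid>/limits layout; $1 = soft, $2 = hard limit.
sample_limits() {
    cat <<EOF
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            $1                 $2                 files
Max locked memory         65536                65536                bytes
EOF
}

# Print the soft "Max open files" value from a limits file ($1).
soft_nofile() {
    awk '/^Max open files/ { print $4; exit }' "$1"
}

# Compare the soft limit in file $1 with the required count $2.
# Returns 0 = enough, 1 = too low, 2 = limit line not found.
check_nofile() {
    soft=$(soft_nofile "$1")
    if [ -z "$soft" ]; then
        echo "UNKNOWN: no 'Max open files' line in $1"
        return 2
    fi
    if [ "$soft" = "unlimited" ] || [ "$soft" -ge "$2" ]; then
        echo "OK: soft limit $soft >= $2"
        return 0
    fi
    echo "LOW: soft limit $soft < $2"
    return 1
}

# Demo on constructed data: a 1000-descriptor limit, then a raised one.
demo_file=$(mktemp)
sample_limits 1000 4096 > "$demo_file"
check_nofile "$demo_file" 6000 || true
sample_limits 6000 6000 > "$demo_file"
check_nofile "$demo_file" 6000
rm -f "$demo_file"
```

On a live relay, pass `/proc/<pid>/limits` with the Tor process's PID as the first argument instead of the constructed file.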