Hello,
I've setup a non-exit node so that I can contribute and understand the TOR network somewhat better. I've only had my node (jolexarelay1) up for a few weeks so it is still becoming a part of the network at guard status. So, as I understand my ISP, I can run an exit node if I "handle" abuse complaints to their standards. Now, since I have more idle bandwidth than idle time to "handle" complaints, I've often wondered about the reduced exit node strategy as seen at https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy - I'd like to allow ports in a methodical fashion such that I can test to see if a port generates complaints easily/quickly.
My question: If I want to "try" being an exit node and add allowed exit ports slowly, does that help the network or not? For example, month 1: allow port 22, month 2: allow IRC ports, and so-on. How does the client path selection work in this case - is it smart enough to pick my exit when needed?
Thanks for any insight, Jeremy
On 12/09/14 15:02, Jeremy Olexa wrote:
Hello,
I've setup a non-exit node so that I can contribute and understand the TOR network somewhat better. I've only had my node (jolexarelay1) up for a few weeks so it is still becoming a part of the network at guard status. So, as I understand my ISP, I can run an exit node if I "handle" abuse complaints to their standards. Now, since I have more idle bandwidth than idle time to "handle" complaints, I've often wondered about the reduced exit node strategy as seen at https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy - I'd like to allow ports in a methodical fashion such that I can test to see if a port generates complaints easily/quickly.
Hi Jeremy,
I received abuse complaints because some "bad" guys used HTTP (forum insults) and SSH (scanners) for example. I'm not sure how useful a tor exit node will be if you block http, https and ssh.
As soon as I told my hoster that I run a tor exit node, i stopped receiving these complaints, I'm sure this is not a coincidence.
My question: If I want to "try" being an exit node and add allowed exit ports slowly, does that help the network or not? For example, month 1: allow port 22, month 2: allow IRC ports, and so-on. How does the client path selection work in this case - is it smart enough to pick my exit when needed?
I think this is how tor work, if you request a connection on port XYZ it will select nodes that allow it.
Chris
Thanks for any insight, Jeremy _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Jeremy,
On 09/12/2014 05:02 AM, Jeremy Olexa wrote:
My question: If I want to "try" being an exit node and add allowed exit ports slowly, does that help the network or not? For example, month 1: allow port 22, month 2: allow IRC ports, and so-on. How does the client path selection work in this case - is it smart enough to pick my exit when needed?
Yes and no. You can slowly add more ports, but unless you allow port 80, 443 and 6667 your relay won't get the Exit flag. [1] Tor clients preemptively open some circuits to such exits by default, and will use existing circuits unless none of the existing circuits allow the destination address or port. So, if you want to help "best", you should open at least these three ports. It is a fine strategy to then add more and more ports over time, but the other way round is also quite reasonable (starting with the Reduced Exit Policy and remove ports on complaints).
The Reduced Exit Policy is most helpful in reducing DMCA complaints for Bittorrent traffic: Bittorrent by default picks a random port, and it largely reduces the probability of your exit being picked if you just allow ~200 instead of 65534 ports.
Thanks for running a relay!
Moritz
[1] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=dir-spec.tx...
On Fri, Sep 12, 2014 at 7:46 AM, Moritz Bartl moritz@torservers.net wrote:
Hi Jeremy,
On 09/12/2014 05:02 AM, Jeremy Olexa wrote:
My question: If I want to "try" being an exit node and add allowed exit ports slowly, does that help the network or not? For example, month 1: allow port 22, month 2: allow IRC ports, and so-on. How does the client path selection work in this case - is it smart enough to pick my exit when needed?
Yes and no. You can slowly add more ports, but unless you allow port 80, 443 and 6667 your relay won't get the Exit flag. [1] Tor clients preemptively open some circuits to such exits by default, and will use existing circuits unless none of the existing circuits allow the destination address or port. So, if you want to help "best", you should open at least these three ports. It is a fine strategy to then add more and more ports over time, but the other way round is also quite reasonable (starting with the Reduced Exit Policy and remove ports on complaints).
That is a great idea, thanks for the background info on the Exit flag. It looks like you need 2 of those 3 ports according to the spec.
The Reduced Exit Policy is most helpful in reducing DMCA complaints for Bittorrent traffic: Bittorrent by default picks a random port, and it largely reduces the probability of your exit being picked if you just allow ~200 instead of 65534 ports.
Makes sense, I'll be experimenting with the exit policy soon.
Thanks, -Jeremy
tor-relays@lists.torproject.org