Today, I wanted to try to see how the Internet looks behind the Great Firewall of China. I used a public HTTP proxy list (http://spys.ru/free-proxy-list/CN/) listing Chinese proxy servers (meaning getting into Chinese censorship from the US, not bypassing it in China), and guess what? I was already blocked. Why? I suspect that I was running a Tor relay from my home connection (https://atlas.torproject.org/#details/A20840A16CB658024B0D3A0E3F19A9C0E34C84...).
Some Chinese websites do load, but many of those who do usually have a CDN outside the Chinese firewall. For example, I can visit AliExpress from my home computer without Tor, but I can't visit 163.com or 2345.com.
While I don't care at all for Chinese websites, there are people who do. If you want to access Chinese websites AND run a Tor relay on the same IP address, you may be screwed. Surprisingly, I can sometimes visit Chinese websites over Tor, but it's about as reliable as having Comcast as your home ISP.
Proof: telnet 2345.com Optimum Online 100/35 in Westchester County, NY, home computer on same connection as Tor middle node (https://atlas.torproject.org/#details/A20840A16CB658024B0D3A0E3F19A9C0E34C84...):
neel@megora:~ % telnet 2345.com 80 Trying 42.62.30.180... telnet: connect to address 42.62.30.180: Operation timed out telnet: Unable to connect to remote host neel@megora:~ %
Verizon FiOS 50/50 in Brooklyn, NY, Tor middle node (https://atlas.torproject.org/#details/D5B8C38539C509380767D4DE20DE84CF84EE82...) (this connection isn't exclusive to Tor, it's used when I am in Brooklyn as well):
neel@kat:~ % telnet 2345.com 80 Trying 42.62.30.180... telnet: connect to address 42.62.30.180: Operation timed out telnet: Unable to connect to remote host neel@kat:~ %
Total Server Solutions in Los Angeles, CA (via an ITL VPS), Tor exit node (https://atlas.torproject.org/#details/0D8211D34F29F51D690303E319766E1B7C28BA...):
neel@us-west:~ % telnet 2345.com 80 Trying 42.62.30.180... telnet: connect to address 42.62.30.180: Operation timed out telnet: Unable to connect to remote host neel@us-west:~ %
Vultr VPS in New Jersey, non-Tor IP used for this website:
neel@newwww:~ % telnet 2345.com 80 Trying 42.62.30.180... Connected to 2345.com. Escape character is '^]'. ^] telnet> quit Connection closed. neel@newwww:~ %
It seems that IP addresses used for Tor nodes are blocked by the Chinese firewall, even if the same IP address used for a Tor node is accessing a Chinese website outside of Tor. And the little bit of the Chinese Internet which can be accessed on the same IP address as a Tor node is usually on a CDN outside of the Great Firewall.
Keep in mind that this article is also available on my website at this URL: https://www.neelc.org/psa-if-youre-running-a-tor-relay-and-are-accessing-a-c... (https://www.neelc.org/psa-if-youre-running-a-tor-relay-and-are-accessing-a-c...)
On Sun, 23 Jul 2017 17:13:04 +0000 neel@neelc.org wrote:
Today, I wanted to try to see how the Internet looks behind the Great Firewall of China. I used a public HTTP proxy list (http://spys.ru/free-proxy-list/CN/) listing Chinese proxy servers (meaning getting into Chinese censorship from the US, not bypassing it in China), and guess what? I was already blocked. Why? I suspect that I was running a Tor relay from my home connection (https://atlas.torproject.org/#details/A20840A16CB658024B0D3A0E3F19A9C0E34C84...).
Some Chinese websites do load, but many of those who do usually have a CDN outside the Chinese firewall. For example, I can visit AliExpress from my home computer without Tor, but I can't visit 163.com or 2345.com.
I can confirm it with 163.com and 2345.com, inaccessible from 3 current Tor relays, and accessible from 3 non-Tor hosts.
Also if a host has been running Tor in the past, but doesn't anymore, it appears to regain access to those Chinese sites, i.e. the blocking is not permanent, the list of Tor nodes is rechecked periodically and those IPs which are no longer in it get removed from the block list.
tor-relays@lists.torproject.org