Exit policies pointing to IP blocks not appearing on Globe
Hi! I just setup a tor relay, encouraged by EFF's Tor Challenge. All I have is a domestic connection. I've read my TOS and my ISP seems to be very friendly to this case. Although I have a little suspicion about traffic shaping, my exit node seems to be running very well! I'm worried about one thing, though. I remember that a while ago, when I tried to access Facebook using a tor client, I saw a message telling that I was blocked for using the network. To avoid the other users of my network to be blocked due to the traffic in my exit node, I managed to add exit policies rejecting every IP block that belongs to Facebook. However, these exit policies don't appear in neither globe.torproject.com nor any site that provides information about nodes. Are these addresses being scrubbed? How do I make sure that these policies being applied? Thanks!
Hi there, Welcome to the club of Tor operators. While congratulating you, just wanna remind you not to mix your traffic with Tor exit traffic for clarity. For your specific question, after making changes in exit policy how long did you wait before checking on globe? On Monday, June 9, 2014 4:26 PM, Mendelson Gusmão <mendelsongusmao@gmail.com> wrote: Hi! I just setup a tor relay, encouraged by EFF's Tor Challenge. All I have is a domestic connection. I've read my TOS and my ISP seems to be very friendly to this case. Although I have a little suspicion about traffic shaping, my exit node seems to be running very well! I'm worried about one thing, though. I remember that a while ago, when I tried to access Facebook using a tor client, I saw a message telling that I was blocked for using the network. To avoid the other users of my network to be blocked due to the traffic in my exit node, I managed to add exit policies rejecting every IP block that belongs to Facebook. However, these exit policies don't appear in neither globe.torproject.com nor any site that provides information about nodes. Are these addresses being scrubbed? How do I make sure that these policies being applied? Thanks! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Jun 9, 2014, at 11:26 AM, Mendelson Gusmão <mendelsongusmao@gmail.com> wrote:
Hi! I just setup a tor relay, encouraged by EFF's Tor Challenge. All I have is a domestic connection. I've read my TOS and my ISP seems to be very friendly to this case. Although I have a little suspicion about traffic shaping, my exit node seems to be running very well!
I'm worried about one thing, though. I remember that a while ago, when I tried to access Facebook using a tor client, I saw a message telling that I was blocked for using the network. To avoid the other users of my network to be blocked due to the traffic in my exit node, I managed to add exit policies rejecting every IP block that belongs to Facebook. However, these exit policies don't appear in neither globe.torproject.com nor any site that provides information about nodes.
Are these addresses being scrubbed? How do I make sure that these policies being applied?
Thanks!
Anything that shares an IP with a Tor relay will be blocked from many common services, like Facebook, Skype, Hulu, etc. This may or may not be possible, depending on your arrangement with your ISP, but if you're running an exit relay, it would be optimal to run it on its own public IP, so all of the exit traffic is completely separated from any other traffic on the host (or your NATted public IP). You can use the OutboundBindAddress tag in torrc to force Tor to use the alternate IP. Jon
The list of IP blocks finally appeared on globe. The issue was with the ordination . I just put the IP blocks before the reduced policy and it worked. Talking about security, even "legal security"... My ISP provides only one IP address, so, would be better to run it as a non-exit relay? All I need is to remove all policies, except reject *:*? Thanks Mendelson Gusmão On Tue, Jun 10, 2014 at 12:11 PM, Jon Gardner <jon@brazoslink.net> wrote:
On Jun 9, 2014, at 11:26 AM, Mendelson Gusmão <mendelsongusmao@gmail.com> wrote:
Hi! I just setup a tor relay, encouraged by EFF's Tor Challenge. All I have is a domestic connection. I've read my TOS and my ISP seems to be very friendly to this case. Although I have a little suspicion about traffic shaping, my exit node seems to be running very well!
I'm worried about one thing, though. I remember that a while ago, when I tried to access Facebook using a tor client, I saw a message telling that I was blocked for using the network. To avoid the other users of my network to be blocked due to the traffic in my exit node, I managed to add exit policies rejecting every IP block that belongs to Facebook. However, these exit policies don't appear in neither globe.torproject.com nor any site that provides information about nodes.
Are these addresses being scrubbed? How do I make sure that these policies being applied?
Thanks!
Anything that shares an IP with a Tor relay will be blocked from many common services, like Facebook, Skype, Hulu, etc.
This may or may not be possible, depending on your arrangement with your ISP, but if you're running an exit relay, it would be optimal to run it on its own public IP, so all of the exit traffic is completely separated from any other traffic on the host (or your NATted public IP). You can use the OutboundBindAddress tag in torrc to force Tor to use the alternate IP.
Jon
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Tue, 10 Jun 2014 15:50:59 -0300 Mendelson Gusmão <mendelsongusmao@gmail.com> wrote:
Talking about security, even "legal security"... My ISP provides only one IP address, so, would be better to run it as a non-exit relay?
Depends on how comfortable you feel. As other posters have said, there is the possibility of effects on how your only public facing IP address 'gets treated'. If your ISP (and others) are not aware that you are running a Tor relay, they are (most likely) going to assume that what came from your IP address was you. I personally don't advocate running an exit from a domestic connection. But again, no one else can make this decision for you - it is down to how comfortable you are with it. :)
All I need is to remove all policies, except reject *:*?
Correct. --Matt
participants (4)
-
Contra Band -
Jon Gardner -
Matt Puckey -
Mendelson Gusmão