Hi guys,
we moved from a Win to Linux with our Tor exit node. The Win was running fine, no problems; since we are running the exit node on a Debian wheezy we got in trouble. The exit node is installed and configured with the how-to on the official Tor website. The exit node is directly plugged in to the gateway. It's a DIR-655 http://support.dlink.com.tw/ which just has to run our internet traffic + the Tor exit node.
Here is the torrc file:
Problem is that when the node is running I lose my internet on every other PC around. Connection is still there but it takes years to resolve the names... so I figured it must be a DNS problem.
I hope you can help us.
Thanks in advance
VarVarna
On Wed, 21 Aug 2013 18:04:53 +0000, var wrote:
> ...
> The exit node is directly plugged in to the gateway. It's a DIR-655 http://support.dlink.com.tw/ which just has to run our internet traffic + the Tor exit node.
Does the exit node get a public IP address there?
> ...
> Problem is that when the node is running I lose my internet on every other PC around. Connection is still there but it takes years to resolve the names... so I figured it must be a DNS problem.
It may also be that your uplink is simply building up some delay when under heavy traffic (esp. uplink). I've seen ping times go up to several seconds on smallish DSL links under heavy upload so that DNS resolution times out.
Try to run, like, 'ping 8.8.8.8' and look at the ping times.
(8.8.8.8 is one of google's DNS servers, but that is only relevant as I can remember that address; we just need the ping replies.)
Andreas
var:
> Hi guys,
> we moved from a Win to Linux with our Tor exit node. The Win was running fine, no problems; since we are running the exit node on a Debian wheezy we got in trouble. The exit node is installed and configured with the how-to on the official Tor website. The exit node is directly plugged in to the gateway. It's a DIR-655 http://support.dlink.com.tw/ which just has to run our internet traffic + the Tor exit node.
I strongly suspect that you are doing one or both of the following:
1. overloading your available outbound bandwidth, resulting in bufferbloat-related problems.
2. overloading the DIR-655's NAT state table with too many connections.
What version of Windows were you running on before? The 'Home' type versions have at various points had limits in the number or rate of TCP connections the OS would allow; Linux is far less limited.
> Problem is that when the node is running I lose my internet on every other PC around. Connection is still there but it takes years to resolve the names... so I figured it must be a DNS problem.
Either of the above would definitely cause symptoms like this.
I might try the following:
1. Turn Tor off completely and wait a while for other nodes to stop trying to hit your (now turned-off) relay. Then do several broadband speed tests. Average the numbers together for your OUTBOUND bandwidth in KB/sec, multiply by 0.7, and set RelayBandwidthRate to the resulting number (or smaller).
2. Turn off directory mirroring on your relay.
3. If you still have problems, figure out how many TCP connections are in ESTABLISHED, TIME_WAIT on the Tor relay box. If there are many (more than a couple hundred), consider either setting MaxAdvertisedBandwidth to 50% of your RelayBandwidthRate, or using iptables or other means to limit the total number of TCP connections your machine can accept from outside your LAN before it starts to drop packets.
Also, you might consider upgrading your router and/or using an alternative firmware.
Best,
-Gordon M.
tor-relays@lists.torproject.org
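Steps 1 and 3 of the last reply, worked through as an added example that is not part of the original thread: it sizes RelayBandwidthRate from speed-test results and counts ESTABLISHED and TIME_WAIT connections. The function names, the 200-connection threshold (one reading of "a couple hundred"), the speed-test figures and the `ss -tan` sample are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. CONN_LIMIT is an assumed threshold.
CONN_LIMIT=200

# Step 1: average the outbound speed-test results (KB/s, one per argument),
# take 70% and round down, giving a value for RelayBandwidthRate.
relay_rate() {
    [ "$#" -gt 0 ] || return 1
    printf '%s\n' "$@" |
        awk '{ sum += $1; n++ } END { print int(sum * 7 / (n * 10)) }'
}

# Step 3: read `ss -tan` or `netstat -tan` output on stdin and print
# "<established> <time_wait>". ss puts the state in column 1 (ESTAB,
# TIME-WAIT); netstat puts it in column 6 (ESTABLISHED, TIME_WAIT).
count_states() {
    awk '{ s = ($1 ~ /^tcp/) ? $6 : $1 }
         s == "ESTAB" || s == "ESTABLISHED" { e++ }
         s == "TIME-WAIT" || s == "TIME_WAIT" { t++ }
         END { printf "%d %d\n", e, t }'
}

# Print torrc lines: always the rate; MaxAdvertisedBandwidth at 50% of it
# only when the connection count exceeds CONN_LIMIT.
torrc_lines() {  # usage: torrc_lines RATE_KB ESTABLISHED TIME_WAIT
    echo "RelayBandwidthRate $1 KBytes"
    if [ $(( $2 + $3 )) -gt "$CONN_LIMIT" ]; then
        echo "MaxAdvertisedBandwidth $(( $1 / 2 )) KBytes"
    fi
}

# Constructed sample of `ss -tan` output (documentation addresses).
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q  Local Address:Port    Peer Address:Port
LISTEN     0      128                 *:9001               *:*
ESTAB      0      0          192.0.2.10:9001    198.51.100.7:51234
ESTAB      0      0          192.0.2.10:9001    198.51.100.9:40022
TIME-WAIT  0      0          192.0.2.10:44120    203.0.113.5:443
EOF
}

rate=$(relay_rate 100 120 110)       # three constructed speed-test results
set -- $(sample_ss | count_states)   # on the relay: ss -tan | count_states
torrc_lines "$rate" "$1" "$2"
```

On the relay itself, feed `count_states` from `ss -tan` (or `netstat -tan`) and pass your own measured outbound figures to `relay_rate`.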