Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
Date: Sat, 4 Jul 2015 19:34:45 -0400 From: Ben Serebin <ben@reefsolutions.com> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
?I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
- Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!
I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform. Currently, it looks like 90% of the Tor relays are Linux, by count of relays. (I believe the weighted bandwidth statistic is much higher than 90%.) https://metrics.torproject.org/platforms.html One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay. That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.
- change the architecture so running behind nat works (this is probably the #1 limit factor for increasing relays). Every tom, dick, and harry could then add bandwidth via every internet circuit. It would be insane!
Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes. There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP. It can be configured via the torrc option: PortForwarding 1 Or, you can configure your NAT box to forward ports yourself. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
On 5 Jul 2015, at 11:37 , teor <teor2345@gmail.com> wrote:
Date: Sat, 4 Jul 2015 19:34:45 -0400 From: Ben Serebin <ben@reefsolutions.com> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
?I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
- Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!
I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform.
Currently, it looks like 90% of the Tor relays are Linux, by count of relays. (I believe the weighted bandwidth statistic is much higher than 90%.) https://metrics.torproject.org/platforms.html
One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay.
That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.
- change the architecture so running behind nat works (this is probably the #1 limit factor for increasing relays). Every tom, dick, and harry could then add bandwidth via every internet circuit. It would be insane!
Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes.
There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP. It can be configured via the torrc option: PortForwarding 1
Or, you can configure your NAT box to forward ports yourself.
Don't use PortForwarding or src/tools/tor-fw-helper, just configure your NAT box to forward ports. It's much more reliable, and you can see exactly what's configured. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
participants (1)
-
teor