[tor-dev] Using routers as bridges

Ian Goldberg iang at cs.uwaterloo.ca
Thu Jul 14 12:39:44 UTC 2011


On Thu, Jul 14, 2011 at 02:03:34PM +0200, Rob van der Hoeven wrote:
> Hi folks,
> 
> Bridges serve as "unknown" entry points to the TOR network. For this,
> part of the TOR network nodes are reserved and unlisted. This is not
> good for the performance of the network, and because the network is
> relatively small I think the unlisted-nodes strategy will only be a
> short term solution.
> 
> At the moment I'm working on my own FreedomBox. From this work I got the
> following idea: Why not use the DNAT function of a router to forward TOR
> traffic to a TOR node? This way you don't need unlisted nodes anymore. A
> router-bridge does not have to be a full TOR node....
> 
> Unfortunately the standard DNAT functionality of most routers only
> supports DNAT from the internet to internal addresses. So you need
> modified firmware to make this work. Maybe a (slightly modified?)
> version of OpenWRT will work.
> 
> Router-bridges have a second advantage over real TOR nodes. They can be
> easily moved. If a router-bridge gets blocked, you can simply give the
> router-bridge to a friend.
> 
> To give you an example of internet-internet DNAT I have configured one
> of my systems to forward traffic to the TOR website. The URL is:
> 
> https://wordpress.hoevenstein.nl/
> 
> (If you try the URL you get a message about an invalid certificate of
> course)
> 
> Let me know what you think about this idea...
> Rob van der Hoeven.
> http://freedomboxblog.nl

What's happening to the reply packets?  Do you also SNAT so that the
replies come back to you, or is it doing triangle routing?

   - Ian
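
The two cases this question distinguishes, modelled as an added example that is not part of the original thread: a router doing DNAT only versus DNAT plus SNAT, and what the client sees come back in each case. The addresses and ports are constructed (RFC 5737 documentation ranges), and the model assumes the forwarding target is elsewhere on the internet, so its replies only pass back through the router when they are addressed to the router.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (RFC 5737), not taken from the thread.
CLIENT, ROUTER, TOR_NODE = "192.0.2.10", "198.51.100.1", "203.0.113.5"

class Router:
    """Minimal model of a NAT router with a connection-tracking table."""
    def __init__(self, addr, target, snat):
        self.addr, self.target, self.snat = addr, target, snat
        self.conntrack = {}  # expected reply packet -> original client packet

    def forward(self, pkt):
        # DNAT always rewrites the destination; SNAT also rewrites the source.
        src = self.addr if self.snat else pkt.src
        out = Packet(src, pkt.sport, self.target, pkt.dport)
        self.conntrack[reply_to(out)] = pkt
        return out

    def reverse(self, reply):
        # Undo the translation for a reply that actually reaches the router.
        orig = self.conntrack.get(reply)
        return reply_to(orig) if orig else None

def reply_to(pkt):
    """The reply an endpoint sends: source and destination swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def round_trip(snat):
    """Return (source address the node sees, whether the client accepts the reply)."""
    router = Router(ROUTER, TOR_NODE, snat)
    sent = Packet(CLIENT, 40000, ROUTER, 443)
    at_node = router.forward(sent)
    reply = reply_to(at_node)
    if reply.dst == router.addr:
        # SNAT case: the reply is addressed to the router, which un-NATs it.
        reply = router.reverse(reply)
    # Otherwise the reply goes straight to the client (triangle routing)
    # and still carries the node's address as its source.
    # A TCP client only accepts a reply from the address it connected to.
    return at_node.src, reply == reply_to(sent)

if __name__ == "__main__":
    print("DNAT + SNAT:", round_trip(True))
    print("DNAT only  :", round_trip(False))
```

In the SNAT case the node sees every connection as coming from the router's address rather than the client's.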

