[tor-dev] Using routers as bridges
iang at cs.uwaterloo.ca
Thu Jul 14 12:39:44 UTC 2011
On Thu, Jul 14, 2011 at 02:03:34PM +0200, Rob van der Hoeven wrote:
> Hi folks,
> Bridges serve as "unknown" entry points to the TOR network. For this,
> part of the TOR network nodes are reserved and unlisted. This is not
> good for the performance of the network, and because the network is
> relatively small I think the unlisted-nodes strategy will only be a
> short term solution.
> At the moment I'm working on my own FreedomBox. From this work I got the
> following idea: Why not use the DNAT function of a router to forward TOR
> traffic to a TOR node? This way you don't need unlisted nodes anymore. A
> router-bridge does not have to be a full TOR node....
> Unfortunately the standard DNAT functionality of most routers only
> supports DNAT from the internet to internal addresses. So you need
> modified firmware to make this work. Maybe a (slightly modified?)
> version of OpenWRT will work.
> Router-bridges have a second advantage over real TOR nodes. They can be
> easily moved. If a router-bridge gets blocked, you can simply give the
> router-bridge to a friend.
> To give you an example of internet-internet DNAT I have configured one
> of my systems to forward traffic to the TOR website. The URL is:
> (If you try the URL you get a message about an invalid certificate of
> Let me know what you think about this idea...
> Rob van der Hoeven.
What's happening to the reply packets? Do you also SNAT so that the
replies come back to you, or is it doing triangle routing?
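
The two cases in the question above, modelled as an added example that is not part of the original thread. The addresses are constructed documentation addresses, the Router class is a hypothetical simplification of a NAT box with connection tracking, and the model assumes the node's return route to the client does not pass through the router.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")  # each field is an (ip, port) pair

# Constructed RFC 5737 documentation addresses, not taken from the thread.
CLIENT = ("192.0.2.10", 40000)
ROUTER = ("198.51.100.1", 443)
TOR_NODE = ("203.0.113.5", 443)


class Router:
    """Hypothetical model: DNAT on the way in, optional SNAT on the way out."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # (translated src, translated dst) -> (orig src, orig dst)

    def forward(self, pkt):
        if pkt.dst != ROUTER:
            return None
        # SNAT rewrites the source to the router's own address.
        src = (ROUTER[0], pkt.src[1]) if self.snat else pkt.src
        out = Packet(src, TOR_NODE)  # DNAT rewrites the destination
        self.conntrack[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        """Undo both translations for a reply that matches a tracked flow."""
        orig = self.conntrack.get((reply.dst, reply.src))
        if orig is None:
            return None
        client, listener = orig
        return Packet(listener, client)


def round_trip(snat):
    """Return (packet seen by the node, packet seen by the client, accepted?)."""
    router = Router(snat)
    syn = Packet(CLIENT, ROUTER)
    at_node = router.forward(syn)
    reply = Packet(at_node.dst, at_node.src)  # node answers whoever it saw
    if reply.dst[0] == ROUTER[0]:
        delivered = router.reverse(reply)  # reply returns through the router
    else:
        delivered = reply  # triangle routing: node answers the client directly
    # A TCP client only accepts a reply from the address it sent the SYN to.
    accepted = (delivered is not None and delivered.src == syn.dst
                and delivered.dst == syn.src)
    return at_node, delivered, accepted
```

With SNAT the connection completes, but the node sees the router's address as the source of every connection instead of the client's.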