[tor-dev] Using routers as bridges
Rob van der Hoeven
robvanderhoeven at ziggo.nl
Thu Jul 14 13:44:12 UTC 2011
On Thu, 2011-07-14 at 13:22 +0100, Runa A. Sandvik wrote:
> On Thu, Jul 14, 2011 at 1:03 PM, Rob van der Hoeven
> <robvanderhoeven at ziggo.nl> wrote:
> > Hi folks,
> > Bridges serve as "unknown" entry points to the TOR network. For
> > part of the TOR network nodes are reserved and unlisted. This is not
> > good for the performance of the network, and because the network is
> > relatively small i think the unlisted-nodes strategy will only be a
> > short term solution.
> Roger wrote a good blog post about strategies for getting more bridge
> (you may have seen this already, it was written three months ago).
As a FreedomBox builder i'm very interested in TOR. I am not very
up-to-date however, so i have not read this article.
> > At the moment i'm working on my own FreedomBox. From this work i got
> > following idea: Why not use the DNAT function of a router to forward
> > traffic to a TOR node? This way you don't need unlisted nodes
> > router-bridge does not have to be a full TOR node....
> > Unfortunately the standard DNAT functionality of most routers only
> > support DNAT from the internet to internal addresses. So you need
> > modified firmware to make this work. Maybe a (slightly modified?)
> > version of OpenWRT will work.
> Have you heard about the Torouter project? We are currently working on
> two versions; the DreamPlug for technical users who don't mind doing
> some hacking on their own, and the Excito B3 for non-tech users. We
> have documented the project here:
> https://trac.torproject.org/projects/tor/wiki/doc/Torouter - Maybe
> this is something you'd like to help with?
The beauty of the DNAT solution is that the router does not have to run
TOR at all. Much more lightweight. To give you an example: configuring
my firewall to do internet-internet DNAT only involved 3 lines in the
configuration files (see Shorewall FAQ 1g)
More information about the tor-dev