[tor-dev] Using routers as bridges

Rob van der Hoeven robvanderhoeven at ziggo.nl
Thu Jul 14 13:44:12 UTC 2011


On Thu, 2011-07-14 at 13:22 +0100, Runa A. Sandvik wrote:
> On Thu, Jul 14, 2011 at 1:03 PM, Rob van der Hoeven
> <robvanderhoeven at ziggo.nl> wrote:
> > Hi folks,
> 
> Hi,
> 
> > Bridges serve as "unknown" entry points to the TOR network. For this,
> > part of the TOR network nodes are reserved and unlisted. This is not
> > good for the performance of the network, and because the network is
> > relatively small I think the unlisted-nodes strategy will only be a
> > short term solution.
> 
> Roger wrote a good blog post about strategies for getting more bridge
> addresses:
> https://blog.torproject.org/blog/strategies-getting-more-bridge-addresses
> (you may have seen this already, it was written three months ago).
> 

As a FreedomBox builder I'm very interested in TOR. I am not very
up-to-date however, so I have not read this article.

> > At the moment I'm working on my own FreedomBox. From this work I got the
> > following idea: Why not use the DNAT function of a router to forward TOR
> > traffic to a TOR node? This way you don't need unlisted nodes anymore. A
> > router-bridge does not have to be a full TOR node....
> >
> > Unfortunately the standard DNAT functionality of most routers only
> > supports DNAT from the internet to internal addresses. So you need
> > modified firmware to make this work. Maybe a (slightly modified?)
> > version of OpenWRT will work.
> 
> Have you heard about the Torouter project? We are currently working on
> two versions; the DreamPlug for technical users who don't mind doing
> some hacking on their own, and the Excito B3 for non-tech users. We
> have documented the project here:
> https://trac.torproject.org/projects/tor/wiki/doc/Torouter - Maybe
> this is something you'd like to help with?
> 

The beauty of the DNAT solution is that the router does not have to run
TOR at all. Much more lightweight. To give you an example: configuring
my firewall to do internet-internet DNAT only involved 3 lines in the
configuration files (see Shorewall FAQ 1g).

Rob.
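
The internet-to-internet DNAT described in this message, as an added example that is not part of the original post and is not taken from Shorewall or its FAQ: it uses plain iptables rules in iptables-restore format instead of Shorewall configuration. The function name `relay_rules`, the interface `eth0`, and all addresses and ports are assumptions (documentation ranges, constructed for illustration); the router also needs IPv4 forwarding enabled.

```shell
#!/bin/sh
# Added illustration: print iptables-restore rules that make a router relay
# one public TCP port to a node elsewhere on the internet (WAN-to-WAN DNAT).
# Nothing is applied; review the output, then load it with
# "iptables-restore --noflush". Requires net.ipv4.ip_forward=1.

valid_ipv4() {
    # Dotted quad, every octet numeric and in 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_rules WAN_IF ROUTER_IP LISTEN_PORT NODE_IP NODE_PORT
relay_rules() {
    wan=$1 pub=$2 lport=$3 node=$4 nport=$5
    valid_ipv4 "$pub" && valid_ipv4 "$node" || { echo "bad address" >&2; return 1; }
    valid_port "$lport" && valid_port "$nport" || { echo "bad port" >&2; return 1; }
    [ "$pub" != "$node" ] || { echo "node must differ from router" >&2; return 1; }
    # DNAT rewrites the destination. SNAT rewrites the source so the node's
    # replies return through the router; without it the node would answer
    # the client directly and the connection would never establish.
    # Side effect: the node sees every client as coming from ROUTER_IP.
    cat <<EOF
*nat
-A PREROUTING -i $wan -d $pub -p tcp --dport $lport -j DNAT --to-destination $node:$nport
-A POSTROUTING -o $wan -d $node -p tcp --dport $nport -j SNAT --to-source $pub
COMMIT
*filter
-A FORWARD -i $wan -o $wan -d $node -p tcp --dport $nport -j ACCEPT
-A FORWARD -i $wan -o $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: router 203.0.113.10:443 -> node 198.51.100.7:9001
relay_rules eth0 203.0.113.10 443 198.51.100.7 9001
```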




