[tor-relays] Help the Tor Project by running a fast unpublished bridge

Roger Dingledine arma at mit.edu
Sat Aug 11 22:25:03 UTC 2012


Hi folks,

In addition to the "get many fast exit relays" plan, that same funder
(Voice of America) wants us to run a pile of fast stable unpublished
bridges. We'll give the bridge addresses out manually to their target
users over the coming months.

The constraints are:
* 100mbit+ connectivity, though in practice I expect they will spend
most of their time doing far less than that.
* No more than 2 bridges per /24. If you're running fast (100mbit+)
exits (which is more important), exits on that /24 count toward this 2.
* No more than 7 bridges total per data center.

If you could set up 1 (or 2, or 20) and send me the address(es) privately,
that would be grand.

We do have some funding for this, but I'm hoping that we can get enough
volunteers so we can put the money toward more fast exits and better QA
and build automation for the Tor bundles. So if you have good connectivity
but can't run an exit, this is a great way to contribute.

The torrc lines we want include:

ORPort 443 # or whichever port you like
BridgeRelay 1
PublishServerDescriptor 0
RelayBandwidthRate 11875 KB  # or more
RelayBandwidthBurst 12500 KB # or more

If you have 3+ IP addresses and want to get fancy, you might set
OutboundBindAddress to a different IP address than you tell me, to avoid
some of the bridge enumeration attacks listed at
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges

Later I might ask you to set up some sort of server-side pluggable
transport like obfsproxy, but there's no rush on that.

Long-term, "get a bunch of fast bridges on individual static IP addresses"
is not a very good plan. Instead, we plan to focus on borrowing
whole netblocks from ISPs and other people who aren't using them, and
redirecting the addresses en masse into a bridge. You can start playing
around with this idea by using an iptables rule rather than a bridge:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 18.244.0.114 --dport 80 -j DNAT --to-destination 128.31.0.34:9032
if the bridge listens on 128.31.0.34:9032 and you want me to advertise
the address 18.244.0.114:80.

Let me know if you have any questions or I can help clarify anything.

Thanks!
--Roger
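
The placement limits in the message above (2 per /24 with fast exits counted toward the 2, 7 bridges per data center) can be checked mechanically before sending in a batch of addresses. This is an added example, not part of the original message; the function names, data center labels and documentation-range addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

MAX_PER_SLASH24 = 2      # bridges plus fast exits sharing one /24
MAX_PER_DATACENTER = 7   # bridges only

def slash24(addr):
    """Return the /24 containing an IPv4 address (raises ValueError if invalid)."""
    return ipaddress.IPv4Network(f"{addr}/24", strict=False)

def check_plan(bridges, fast_exits=()):
    """bridges: iterable of (ip, datacenter); fast_exits: iterable of ip.
    Returns a list of constraint violations, empty if the plan fits."""
    bridges = list(bridges)
    problems = []
    # Count bridges per /24, then add fast exits living in the same /24.
    bridges_per_net = Counter(slash24(ip) for ip, _ in bridges)
    exits_per_net = Counter(slash24(ip) for ip in fast_exits)
    for net in sorted(bridges_per_net):
        b, e = bridges_per_net[net], exits_per_net[net]
        if b + e > MAX_PER_SLASH24:
            problems.append(
                f"{net}: {b} bridges + {e} fast exits, limit {MAX_PER_SLASH24}")
    # Count bridges per data center, independent of netblock.
    per_dc = Counter(dc for _, dc in bridges)
    for dc, n in sorted(per_dc.items()):
        if n > MAX_PER_DATACENTER:
            problems.append(
                f"data center {dc}: {n} bridges, limit {MAX_PER_DATACENTER}")
    return problems

# Constructed sample plan using documentation address ranges.
PLAN = [
    ("192.0.2.10", "dc-a"), ("192.0.2.11", "dc-a"),
    ("198.51.100.5", "dc-a"), ("198.51.100.6", "dc-a"),
    ("203.0.113.7", "dc-b"),
]
FAST_EXITS = ["198.51.100.200"]  # constructed: an existing 100mbit+ exit

if __name__ == "__main__":
    for line in check_plan(PLAN, FAST_EXITS) or ["plan fits the constraints"]:
        print(line)
```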


