[tor-relays] Config Tor Exit Node

Gordon Morehouse gordon at morehouse.me
Thu Aug 22 17:33:47 UTC 2013


var:
> Hi guys,
> 
> we moved from a Win to Linux with our Tor exit node. The Win was
> running fine, no problems; since we are running the exit node
> on a Debian wheezy we got in trouble. The exit node is installed
> and configured with the how-to on the official Tor website. The
> exit node is directly plugged in to the gateway. It's a DIR-655
> <http://support.dlink.com.tw/> which just has to run our internet
> traffic + the Tor exit node.

I strongly suspect that you are doing one or both of the following:

1. overloading your available outbound bandwidth, resulting in
   bufferbloat-related problems.

2. overloading the DIR-655's NAT state table with too many connections.

What version of Windows were you running on before?  The 'Home' type
versions have at various points had limits in the number or rate of
TCP connections the OS would allow; Linux is far less limited.

> Problem is that when the node is running I lose my internet on
> every other PC around. Connection is still there but it takes years
> to resolve the names....so I figured it must be a DNS problem.

Either of the above would definitely cause symptoms like this.

I might try the following:

1. Turn Tor off completely and wait a while for other nodes to stop
trying to hit your (now turned-off) relay.  Then do several broadband
speed tests.  Average the numbers together for your OUTBOUND bandwidth
in KB/sec, multiply by 0.7, and set RelayBandwidthRate to the
resulting number (or smaller).

2. Turn off directory mirroring on your relay.

3. If you still have problems, figure out how many TCP connections are
in ESTABLISHED, TIME_WAIT on the Tor relay box.  If there are many
(more than a couple hundred), consider either setting
MaxAdvertisedBandwidth to 50% of your RelayBandwidthRate, or use
iptables or other means to limit the total number of TCP connections
your machine can accept from outside your LAN before it starts to drop
packets.

Also, you might consider upgrading your router and/or using an
alternative firmware.

Best,
-Gordon M.

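The sizing steps from the reply above, worked through as an added example that is not part of the original post: it averages speed-test samples, applies the 0.7 factor, counts ESTABLISHED/TIME_WAIT sockets from `ss -tan` or `netstat -tan` output, and prints the matching torrc lines. The function names, the threshold of 200, the use of `DirPort 0` for step 2, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the sizing arithmetic from steps 1-3 of the reply.
# CONN_THRESHOLD and the sample data are assumptions, not from the post.
CONN_THRESHOLD=200   # assumed reading of "more than a couple hundred"

# Step 1: average the outbound speed-test samples (whole KB/s) and take 70%.
relay_rate() {
    [ "$#" -gt 0 ] || return 1
    sum=0
    for s in "$@"; do sum=$((sum + s)); done
    echo $(( sum * 7 / ($# * 10) ))
}

# Step 3: read `ss -tan` or `netstat -tan` output on stdin and print
# "<established> <time_wait>". ss spells the states ESTAB / TIME-WAIT,
# netstat spells them ESTABLISHED / TIME_WAIT; both are accepted.
count_states() {
    awk '{ for (i = 1; i <= NF; i++) {
             if ($i == "ESTAB" || $i == "ESTABLISHED") e++
             else if ($i == "TIME-WAIT" || $i == "TIME_WAIT") t++ } }
         END { printf "%d %d\n", e, t }'
}

# Emit torrc lines: rate cap, directory mirroring off (step 2, assumed to be
# DirPort 0), and the 50% advertised cap only when over the threshold.
torrc_lines() {   # $1 = rate in KB/s, $2 = established, $3 = time_wait
    echo "RelayBandwidthRate $1 KBytes"
    echo "DirPort 0"
    if [ $(( $2 + $3 )) -gt "$CONN_THRESHOLD" ]; then
        echo "MaxAdvertisedBandwidth $(( $1 / 2 )) KBytes"
    fi
}

# Constructed sample in `ss -tan` layout (documentation-range addresses).
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:9001     198.51.100.7:51514
ESTAB     0      0      192.0.2.10:9001     203.0.113.9:40022
TIME-WAIT 0      0      192.0.2.10:9001     198.51.100.8:33211
LISTEN    0      128    0.0.0.0:9001        0.0.0.0:*'

rate=$(relay_rate 120 100 110)          # constructed speed-test results
set -- $(printf '%s\n' "$SAMPLE_SS" | count_states)
torrc_lines "$rate" "$1" "$2"
```

On a live relay, replace the sample with `ss -tan | count_states` and run the speed tests with Tor stopped, as step 1 describes.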

