[tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)
teor
teor2345 at gmail.com
Sun Jul 5 01:37:15 UTC 2015
> Date: Sat, 4 Jul 2015 19:34:45 -0400
> From: Ben Serebin <ben at reefsolutions.com>
> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
>
> ?I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
>
> - Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!
I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform.
Currently, it looks like 90% of the Tor relays are Linux, by count of relays.
(I believe the weighted bandwidth statistic is much higher than 90%.)
https://metrics.torproject.org/platforms.html
One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay.
That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.
> - change the architecture so running behind nat works (this is probably the #1 limit factor for increasing relays). Every tom, dick, and harry could then add bandwidth via every internet circuit. It would be insane!
Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes.
There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP.
It can be configured via the torrc option:
PortForwarding 1
Or, you can configure your NAT box to forward ports yourself.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150705/eec1a924/attachment.sig>
More information about the tor-relays
mailing list