[tor-relays] Running a Relay behind a NAT (was Re: unflagged BAD EXIT nodes)

teor teor2345 at gmail.com
Sun Jul 5 01:43:48 UTC 2015


> On 5 Jul 2015, at 11:37 , teor <teor2345 at gmail.com> wrote:
> 
>> Date: Sat, 4 Jul 2015 19:34:45 -0400
>> From: Ben Serebin <ben at reefsolutions.com>
>> Subject: Re: [tor-relays] unflagged BAD EXIT nodes
>> 
>> I'll hijack the response.... I'm a sysadmin, an unloved Windows one. My unwanted $0.02 are:
>> 
>> - Windows installer (omg, Windows, the evil one which if you really want greater adoption is the answer! Oh smokes, someone said it!)
> 
> I agree that relay installers, particularly for non-Linux platforms, would help increase Tor's platform diversity. But platform diversity isn't a large part of Tor's threat model, as its impact is mainly felt through vulnerabilities shared by an entire platform.
> 
> Currently, it looks like 90% of the Tor relays are Linux, by count of relays.
> (I believe the weighted bandwidth statistic is much higher than 90%.)
> https://metrics.torproject.org/platforms.html
> 
> One suggestion I've heard, but that isn't ideal, is to download the Tor Browser Bundle, and modify the torrc in it to run a relay.
> 
> That said, a relay operator really needs to know how to download, install, and configure a service on a secured server. So that's one reason a one-click installer is a bad idea.
> 
>> - change the architecture so running behind NAT works (this is probably the #1 limiting factor for increasing relays). Every Tom, Dick, and Harry could then add bandwidth via every internet circuit. It would be insane!
> 
> Tor relays run quite fine behind a NAT, as long as the NAT box handles the number of connections which tor makes.
> 
> There's even src/tools/tor-fw-helper, which supports NAT-PMP and UPnP.
> It can be configured via the torrc option:
> PortForwarding 1
> 
> Or, you can configure your NAT box to forward ports yourself.

Don't use PortForwarding or src/tools/tor-fw-helper, just configure your NAT box to forward ports. It's much more reliable, and you can see exactly what's configured.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
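
Added example, not part of the original message or of Tor's code: a small audit of a torrc for a relay behind NAT that flags `PortForwarding 1` and lists the forwards to configure on the NAT box by hand. It assumes the `NoListen` and `NoAdvertise` flags of `ORPort`/`DirPort` from the tor manual; the function names and the sample torrc are constructed for illustration.

```python
# Constructed sample torrc: the relay advertises 443 but listens on 9001 behind the NAT.
SAMPLE_TORRC = """\
Nickname examplerelay
ORPort 443 NoListen
ORPort 192.168.1.10:9001 NoAdvertise
DirPort 9030
PortForwarding 1   # automatic NAT-PMP/UPnP via tor-fw-helper
"""

def parse_ports(torrc_text):
    """Return (entries, warnings) for the ORPort/DirPort lines of a torrc."""
    entries, warnings = [], []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]   # option names are case-insensitive
        if key == "portforwarding" and args[:1] == ["1"]:
            warnings.append("PortForwarding 1 set: forward the ports on the NAT box instead")
        elif key in ("orport", "dirport") and args:
            port = args[0].rsplit(":", 1)[-1]     # strip optional address prefix
            if not port.isdigit() or port == "0":
                continue                          # 'auto' or disabled: no fixed port
            flags = {a.lower() for a in args[1:]}
            entries.append({"kind": key, "port": int(port),
                            "advertise": "noadvertise" not in flags,
                            "listen": "nolisten" not in flags})
    return entries, warnings

def required_forwards(entries):
    """Return (kind, external_port, internal_port) rules the NAT box needs."""
    rules = []
    for kind in ("orport", "dirport"):
        mine = [e for e in entries if e["kind"] == kind]
        both = [e for e in mine if e["advertise"] and e["listen"]]
        adv_only = [e for e in mine if e["advertise"] and not e["listen"]]
        listen_only = [e for e in mine if e["listen"] and not e["advertise"]]
        rules += [(kind, e["port"], e["port"]) for e in both]
        # Pair each advertised-only port with an internal listen-only port.
        rules += [(kind, a["port"], l["port"]) for a, l in zip(adv_only, listen_only)]
    return rules

if __name__ == "__main__":
    entries, warnings = parse_ports(SAMPLE_TORRC)
    for kind, ext, internal in required_forwards(entries):
        print(f"forward TCP {ext} on the NAT box -> relay port {internal} ({kind})")
    for w in warnings:
        print("warning:", w)
```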
