[tor-relays] Exit flag and port 6667 vs 6697

Igor Mitrofanov igor.n.mitrofanov at gmail.com
Tue Jul 4 14:18:11 UTC 2017


Hi,

I am trying to run a few Exit relays on my 1 gbps connection. To keep
donating the exit capacity to the Tor project I have to keep abuse
reports to a minimum.

In order to have the Exit flag I have read that I have to keep two of
ports 80, 443 and 6667 open, plus allow exiting to at least one /8
network - is that still the Dir spec? Is it correct that without the
Exit flag, no clients will choose the relay for their circuits - even
if its Exit policy allows the port they need? For example, take a look
at the "cry" relay (one of top 10) - it is not marked as "Exit" as it
only allows ports 6660-6667 - does that mean it is only ever used as a
middle relay?

I have read that port 80 generates quite a bit of abuse complaints as
it is used to tunnel non-HTTP traffic, by malware, etc. So, choosing
ports 443 and 6667 to get the 'Exit' flag looks like the safest
choice. I have also read that ports above 1024 are more likely to be used
by BitTorrent clients, so they are to be rejected in order to minimize
abuse.

My current, rather paranoid, list of accepted ports looks like this:
20-21, 53, 443, 993, 995, 6667. I am not sure how useful this is to
Tor, and whether I will actually avoid complaints, but I guess I can
only wait and see.

My question is about 6667 - should Tor's 'Exit flag policy' allow 6697
(IRC encrypted over SSL) as an alternative to 6667? I would rather
support people using 6697, if I had the choice.

Thanks,
Igor
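
The flag rule as described in the message above (two of ports 80, 443 and 6667, each reaching at least one /8), applied to the port list given there; this is an added example, not part of the original post and not Tor's own code. The policy strings are constructed from the ports the message names, and the sketch assumes IPv4 only, no implicit default policy, and counts a /8 as open only when a single accept rule covers it whole.

```python
import ipaddress

FLAG_PORTS = (80, 443, 6667)  # the three ports named in the message
ALL_V4 = ipaddress.ip_network("0.0.0.0/0")

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines; ADDR may be '*'."""
    rules = []
    for line in text.strip().splitlines():
        action, pattern = line.split()
        addr, _, ports = pattern.rpartition(":")
        net = ALL_V4 if addr == "*" else ipaddress.ip_network(addr, strict=False)
        lo, _, hi = ("1", "", "65535") if ports == "*" else ports.partition("-")
        rules.append((action == "accept", net, int(lo), int(hi or lo)))
    return rules

def accepts_whole_slash8(rules, port):
    """True if at least one /8 is accepted in full for this port (first match wins)."""
    for first_octet in range(256):
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        for accept, net, lo, hi in rules:
            if not (lo <= port <= hi) or not net.overlaps(block):
                continue
            if accept and block.subnet_of(net):
                return True
            if not accept:
                break  # part of this /8 is rejected before any full accept
            # an accept narrower than /8 settles nothing; keep reading rules
    return False

def qualifies_for_exit_flag(rules):
    """Apply the rule as stated in the message: two of 80/443/6667 must be open."""
    open_ports = [p for p in FLAG_PORTS if accepts_whole_slash8(rules, p)]
    return len(open_ports) >= 2, open_ports

# Constructed policies built from the ports mentioned in the message.
POSTER_POLICY = "\n".join(
    f"accept *:{p}" for p in ("20-21", "53", "443", "993", "995", "6667")
) + "\nreject *:*"
IRC_ONLY = "accept *:6660-6667\nreject *:*"           # ports 6660-6667 only
WITH_6697 = "accept *:443\naccept *:6697\nreject *:*"  # 6697 in place of 6667

if __name__ == "__main__":
    for name, text in [("poster", POSTER_POLICY), ("irc-only", IRC_ONLY),
                       ("443+6697", WITH_6697)]:
        ok, ports = qualifies_for_exit_flag(parse_policy(text))
        print(f"{name:9} flag-eligible={ok} counted ports={ports}")
```

Under the rule as stated, the 443 + 6697 policy counts only one of the three ports, which is the gap the question about 6697 is pointing at.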

