[tor-relays] firewall ports needed to run a middle relay

Neel Chauhan neel at neelc.org
Fri Apr 26 02:05:19 UTC 2019

If you have fiber to the home or another symmetrical speed broadband 
connection (like some wireless ISPs like Webpass), you may have a lot of 
upstream speed. In this case it's perfect for Tor relays. If you do, 
invest in a good router with a big enough NAT table if you don't have 
one, flash custom firmware if your router supports it and is powerful 
enough, or reuse your old desktop as a pfSense box. I have Verizon FiOS 
FTTH and use a Linksys WRT1900AC running OpenWRT instead of a Verizon 

Some ISPs may force you to use their router, like AT&T in some parts of 
the US, which forces 802.X authentication to use VDSL/FTTH that is only 
spoken on their router.

But your uplink probably is crappy if you have cable, DSL, or fixed 




On 2019-04-25 17:48, nusenu wrote:
> torix at protonmail.com:
>> I need to move to a new router, which, unlike the old Verizon home
>> router, doesn't have a quick DMZ host to which I attach the tor
>> relay's local ip address.  So I think I need to do port forwarding,
>> and for that what rules do I need? My torrc config has: ControlPort
>> 9052 ORPort 8443 DirPort 8080
>> So I forwarded 8443 and just in case, 8080. But the number of my
>> connexions kept dropping, so I put it back in the DMZ and it started
>> getting new ones again.  Trying to figure out if I screwed up the
>> config gui, or if I need to add other ports.  Did I miss a port?
> Forwarding the ORPort and DirPort (if you set one) is all you need
> but home broadband uplinks frequently are not made for the amount of
> concurrent sessions a tor relay usually has to handle.
> So failures might still happen even if you set up the port-forwarding
> part correctly.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
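
An added example, not part of the original thread or of Tor itself: a small Python check that reads a torrc and lists which ports need an inbound forward (ORPort and DirPort, as the reply says) and which, like ControlPort, should stay off the router's forward list. The function names and the sample torrc, built from the values quoted above, are assumptions made for illustration.

```python
# Options peers connect to from the Internet vs. options meant for local use.
INBOUND = {"orport", "dirport"}
LOCAL_ONLY = {"controlport", "socksport"}

# Constructed sample: the three options quoted in the thread, one per line.
SAMPLE_TORRC = "ControlPort 9052\nORPort 8443\nDirPort 8080\n"

def parse_port(value):
    """Port from '8443', '0.0.0.0:8443' or '[::]:8443'; None for 0/auto/unix."""
    port = value.split()[0].rsplit(":", 1)[-1]
    if not port.isdigit() or port == "0":
        return None
    return int(port)

def forwarding_plan(torrc_text):
    """Split the ports in a torrc into 'forward' and 'keep_local' lists."""
    plan = {"forward": [], "keep_local": []}
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        option, value = parts[0].lower(), parts[1]
        port = parse_port(value)
        if port is None:
            continue
        flags = {f.lower() for f in value.split()[1:]}
        # A NoAdvertise port is only the local listener; peers never dial it.
        if option in INBOUND and "noadvertise" not in flags:
            plan["forward"].append((parts[0], port))
        elif option in LOCAL_ONLY:
            plan["keep_local"].append((parts[0], port))
    return plan

def audit(torrc_text, forwarded):
    """Compare the router's forwarded ports with what the torrc needs.

    Returns (missing, exposed): ports that still need a forward, and
    local-only ports that are forwarded and should not be."""
    plan = forwarding_plan(torrc_text)
    missing = [p for _, p in plan["forward"] if p not in forwarded]
    exposed = [p for _, p in plan["keep_local"] if p in forwarded]
    return missing, exposed

if __name__ == "__main__":
    print(forwarding_plan(SAMPLE_TORRC))
    print(audit(SAMPLE_TORRC, {8443}))
```

This only checks the forwarding rules; it says nothing about the connection-table limits the reply warns about.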
