[tor-talk] Making TOR exit-node IP address configurable

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Mar 9 22:29:16 UTC 2011


On 3/9/11 11:20 PM, Robert Ransom wrote:
> Try running "man tor |grep -C5 OutboundBindAddress".

You didn't get the technical need; the need is to redirect only TOR-exit
traffic.

OutboundBindAddress makes *all*, including intra-tor, communications go
through that IP address:
"Make all outbound connections originate from the IP address specified.
 This is only useful when you have multiple network interfaces, and  you
 want all of Tor’s outgoing connections to use a single one."

I've been thinking about a setting for TOR-Exit only traffic.

> 
> But I'm not surprised that someone who wants to perform content
> censorship on a Tor exit node is too clueless to find that Tor
> configuration option, or to find out that iptables can apply different
> rules to the user ID under which Tor is running.
Yes, but that's more complex: with iptables you can redirect TCP ports,
but from your TOR node not all traffic going, for example, to port 80 is
http; a lot of it is TOR.

If you redirect it to a transparent proxy you'll break intra-tor
communications, and so you can't just make an easy redirect with iptables.

Still, don't judge good intentions.
It's not censorship but a chance to attract more TOR exit node
maintainers by simplifying the costs and risks in running a TOR exit node.
And that's still an experiment to look at; it may be useful for a
lot of people looking to run a less risky exit-node. :-)

-naif
http://infosecurity.ch

