I need to move to a new router, which, unlike the old Verizon home router, doesn't have a quick DMZ host to which I attach the tor relay's local IP address. So I think I need to do port forwarding, and for that what rules do I need? My torrc config has: ControlPort 9052 ORPort 8443 DirPort 8080
So I forwarded 8443 and just in case, 8080. But the number of my connexions kept dropping, so I put it back in the DMZ and it started getting new ones again. Trying to figure out if I screwed up the config gui, or if I need to add other ports. Did I miss a port?
TIA,
--Torix
Forwarding the ORPort and DirPort (if you set one) is all you need but home broadband uplinks frequently are not made for the amount of concurrent sessions a tor relay usually has to handle. So failures might still happen even if you set up the port-forwarding part correctly.
If you have fiber to the home or another symmetrical speed broadband connection (like some wireless ISPs like Webpass), you may have a lot of upstream speed. In this case it's perfect for Tor relays. If you do, invest in a good router with a big enough NAT table if you don't have one, flash custom firmware if your router supports it and is powerful enough, or reuse your old desktop as a pfSense box. I have Verizon FiOS FTTH and use a Linksys WRT1900AC running OpenWRT instead of a Verizon gateway.
Some ISPs may force you to use their router, like AT&T in some parts of the US who forces 802.X authentication to use VDSL/FTTH that is only spoken on their router.
But your uplink probably is crappy if you have cable, DSL, or fixed wireless.
-Neel
On 2019-04-25 17:48, nusenu wrote:
> Forwarding the ORPort and DirPort (if you set one) is all you need but home broadband uplinks frequently are not made for the amount of concurrent sessions a tor relay usually has to handle. So failures might still happen even if you set up the port-forwarding part correctly.
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
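The forwarding advice in the replies above (forward the ORPort, plus the DirPort if one is set) can be worked out mechanically from a torrc; this is an added example, not code from the thread or from the Tor Project. It goes one step beyond the thread by also handling tor's `NoListen`/`NoAdvertise` port flags, which apply when the router's outside port differs from the port tor binds, and it lists ControlPort as a port to keep off the WAN. `SAMPLE_TORRC`, `parse_port` and `forward_plan` are hypothetical names, and pairing advertised with listening entries in file order is an assumption.

```python
# Added example, not from the thread: derive router port-forward rules from a torrc.
SAMPLE_TORRC = """\
# Constructed sample; the three port lines are the ones quoted in the thread.
ControlPort 9052
ORPort 8443
DirPort 8080
"""

INBOUND = ("orport", "dirport")            # must be reachable from the Internet
LOCAL_ONLY = ("controlport", "socksport")  # management/client ports, never forwarded


def parse_port(spec):
    """'8443', '0.0.0.0:8443' or '[::]:8443' -> 8443; '0', 'auto', unix sockets -> None."""
    tail = spec.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() and int(tail) > 0 else None


def forward_plan(torrc_text):
    """Return (rules, keep_closed); each rule is (option, wan_port, lan_port), TCP."""
    advertised = {k: [] for k in INBOUND}  # ports published in the relay descriptor
    listening = {k: [] for k in INBOUND}   # ports tor binds on the relay host
    keep_closed = []
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key, port = fields[0].lower(), parse_port(fields[1])
        flags = {f.lower() for f in fields[2:]}
        if port is None:
            continue
        if key in LOCAL_ONLY:
            keep_closed.append((fields[0], port))
        elif key in INBOUND:
            if "noadvertise" not in flags:
                advertised[key].append(port)
            if "nolisten" not in flags:
                listening[key].append(port)
    rules = []
    for key in INBOUND:
        # Assumption: advertised and listening entries pair up in file order.
        for wan, lan in zip(advertised[key], listening[key]):
            if (key, wan, lan) not in rules:
                rules.append((key, wan, lan))
    return rules, keep_closed

if __name__ == "__main__":
    for key, wan, lan in forward_plan(SAMPLE_TORRC)[0]:
        print(f"forward TCP WAN:{wan} -> relay:{lan} ({key})")
```

With `ORPort 443 NoListen` plus `ORPort 9001 NoAdvertise` in the torrc, the plan is a single rule from WAN port 443 to relay port 9001.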
Thank you all for your helpful replies on this - more than just what I asked.
I think the router (Actiontec MI424WR from Verizon) is up to the task - for the first year it went up to about 6,000 connexions; in the last year since the DoS mitigation patch came out it averages about 2,500. My service is equal up/download speeds, about 55/60 megabits/sec on the Verizon speed test, and I have never noticed tor's use on it. I've never had to configure it except to put the tor box in the DMZ, as most games and remote desktop were already pre-configured. I'll look at OpenWRT, Neel, tho not sure I'm up to configuring it.
Thanks Again,
--Torix
On Friday, April 26, 2019 2:05 AM, Neel Chauhan neel@neelc.org wrote:
> If you have fiber to the home or another symmetrical speed broadband connection (like some wireless ISPs like Webpass), you may have a lot of upstream speed. In this case it's perfect for Tor relays. If you do, invest in a good router with a big enough NAT table if you don't have one, flash custom firmware if your router supports it and is powerful enough, or reuse your old desktop as a pfSense box. I have Verizon FiOS FTTH and use a Linksys WRT1900AC running OpenWRT instead of a Verizon gateway.
> Some ISPs may force you to use their router, like AT&T in some parts of the US who forces 802.X authentication to use VDSL/FTTH that is only spoken on their router.
> But your uplink probably is crappy if you have cable, DSL, or fixed wireless.
> -Neel
On Thu, 25 Apr 2019 21:43:33 +0000 torix@protonmail.com wrote:
> I need to move to a new router, which, unlike the old Verizon home router, doesn't have a quick DMZ host to which I attach the tor relay's local IP address. So I think I need to do port forwarding, and for that what rules do I need? My torrc config has: ControlPort 9052 ORPort 8443 DirPort 8080
> So I forwarded 8443 and just in case, 8080. But the number of my connexions kept dropping, so I put it back in the DMZ and it started getting new ones again. Trying to figure out if I screwed up the config gui, or if I need to add other ports. Did I miss a port?
ORPort is enough, and DirPort is not needed anymore by the current versions of Tor, you can remove it from the config and not forward it, which is great, one less port to keep track of.
Does it pull the correct Torrc file?
Yes, according to nyx. Good thought...
On Thursday, April 25, 2019 10:21 PM, Volker Mink volker.mink@gmx.de wrote:
> Does it pull the correct Torrc file?