As I told you guys, ITLDC.com kicked 3 of my exit servers last month. Just got 3 new ones, hosted by DigitalOcean, Hostwinds and soon virtualniserverlite.
If things go wrong (and with my luck they will), how many and which ports do I have to forward to be useful as an exit node?
E.g.: I get lots of abuse of port 22, can I close it and the TOR network will for itself find out that sending me ssh traffic is a bad idea?
markus
I don't have any exit relays, but my understanding is that you should use torrc, and only torrc, to define which outgoing ports you want to be reachable.
Do not block or otherwise interfere with anything which you allow in torrc, because that may get you the BadExit flag when discovered.
A Reduced Exit Policy[1] may be what you are looking for.
[1] https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
Yes, but how many ports do I have to open to be "useful"? In an extreme case: Would it help just to forward port 80 and 433?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hey.
On 22.05.2016 16:00, Markus Koch wrote:
> Yes, but how many ports do I have to open to be "useful"? In an extreme case: Would it help just to forward port 80 and 433?
It would still be useful and receive the "Exit" flag:
"Exit" -- A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and allows exits to at least one /8 address space.
-- https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133
felix
Port 6667 ... long time no see. Thank you for the information!
markus
On 05/22/2016 04:00 PM, Markus Koch wrote:
> Yes, but how many ports do I have to open to be "useful"? In an extreme case: Would it help just to forward port 80 and 433?
I think the most spartanic Exit Policy is at the bottom of [1]:
    ExitPolicy accept *:53 # DNS
    ExitPolicy accept *:80 # HTTP
    ExitPolicy accept *:443 # HTTPS
    ExitPolicy reject *:*
What is useful and what isn't is probably a matter of the eye of the beholder.
In my opinion, a http/https/dns-only exit is surely still more useful than not exiting at all.
2016-05-22 16:30 GMT+02:00 Random Tor Node Operator tor@unterderbruecke.de:
> On 05/22/2016 04:00 PM, Markus Koch wrote:
>> Yes, but how many ports do I have to open to be "useful"? In an extreme case: Would it help just to forward port 80 and 433?
> I think the most spartanic Exit Policy is at the bottom of [1]:
>     ExitPolicy accept *:53 # DNS
>     ExitPolicy accept *:80 # HTTP
>     ExitPolicy accept *:443 # HTTPS
>     ExitPolicy reject *:*
> What is useful and what isn't is probably a matter of the eye of the beholder.
> In my opinion, a http/https/dns-only exit is surely still more useful than not exiting at all.
Good point. Stupid question: Do we know what services the users use most?
On 22 May 2016, at 11:30, Random Tor Node Operator tor@unterderbruecke.de wrote:
> On 05/22/2016 04:00 PM, Markus Koch wrote:
>> Yes, but how many ports do I have to open to be "useful"? In an extreme case: Would it help just to forward port 80 and 433?
> I think the most spartanic Exit Policy is at the bottom of [1]:
>     ExitPolicy accept *:53 # DNS
>     ExitPolicy accept *:80 # HTTP
>     ExitPolicy accept *:443 # HTTPS
>     ExitPolicy reject *:*
> What is useful and what isn't is probably a matter of the eye of the beholder.
> In my opinion, a http/https/dns-only exit is surely still more useful than not exiting at all.
It's worth noting that Exits do DNS on behalf of clients that ask to connect to a domain name, regardless of whether the ExitPolicy includes port 53. So port 53 is only useful for clients that want to run their own DNS over TCP, or use port 53 for something else.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
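
The "Exit" flag rule quoted from dir-spec earlier in this thread, checked against the minimal policy posted above. This is an added example, not part of the thread and not Tor's own code. It is a simplified model with assumptions: IPv4 only, one rule per ExitPolicy line, first matching rule wins, no special handling of private ranges, and all function names are hypothetical.

```python
import ipaddress

FLAG_PORTS = (80, 443, 6667)  # ports named in the dir-spec rule quoted in the thread

# The minimal policy posted in the thread.
MINIMAL_POLICY = """\
ExitPolicy accept *:53   # DNS
ExitPolicy accept *:80   # HTTP
ExitPolicy accept *:443  # HTTPS
ExitPolicy reject *:*
"""

def parse_policy(torrc_text):
    """Parse ExitPolicy lines into (action, IPv4 network, low port, high port)."""
    rules = []
    for line in torrc_text.splitlines():
        words = line.split("#", 1)[0].split()        # strip trailing comment
        if len(words) != 3 or words[0].lower() != "exitpolicy":
            continue
        addr, _, port = words[2].rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        lo, _, hi = ("1-65535" if port == "*" else port).partition("-")
        rules.append((words[1].lower(), net, int(lo), int(hi or lo)))
    return rules

def port_reaches_a_slash8(rules, port):
    """True if an accept rule of /8 or wider covers `port` for some /8 that no
    earlier reject rule has touched (assumed reading of "at least one /8")."""
    rejected = set()                                 # first octets hit by a reject
    for action, net, lo, hi in rules:
        if not lo <= port <= hi:
            continue
        first = int(net.network_address) >> 24
        last = int(net.broadcast_address) >> 24
        untouched = set(range(first, last + 1)) - rejected
        if action == "accept" and net.prefixlen <= 8 and untouched:
            return True
        if action == "reject":
            rejected |= untouched
    return False

def exit_flag_check(torrc_text):
    """Return (qualifies, ports) where ports are the flag ports the policy allows."""
    rules = parse_policy(torrc_text)
    ports = [p for p in FLAG_PORTS if port_reaches_a_slash8(rules, p)]
    return len(ports) >= 2, ports

if __name__ == "__main__":
    print(exit_flag_check(MINIMAL_POLICY))
```

Dropping the `*:53` line leaves the result unchanged, since port 53 is not among the ports the quoted rule counts.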