HOWTO setup a Tor-server

From LinuxReviews
Jump to navigationJump to search

A Tor-server is a server which allows Tor clients (users) to connect anonymously to the Internet. There are many good reasons why you should consider running a Tor server.

Kemonomimi rabbit.svg
Note: This page was written in 2007. The entire page may be out of date or totally accurate. It should probably be entirely re-written and re-done regardless.

Types of Tor servers

You only need to run a Tor client to browse the Internet anonymously using Tor. If you have bandwidth and resources to spare then you may want to contribute to the Tor network by setting up your Tor node as a Tor server.

The more servers there are, the better for everybody. An agency who controls 15% of the Tor network would be able to compromise it; that would be easy with a total of 100 tor servers on the network, very hard to do with a total of 1 million. More servers mean better anonymity.

There are two ways you can help: You can run a Middleman node or an Exit Node.

Middleman node

A middleman passes Tor traffic back and forth, and that's it. They add another layer of security. Middleman are important to the network.

Running a middleman node is completely risk-free.

Exit node

An Exit Node allows traffic to leave the tor network at your server, so that it appears to the outside world that the traffic has come from your computer. Depending on the legislation of your country, this might get you in trouble. If you don't want to risk that, run a Middleman Node.

Check how the services running on your servers are configured before you setup your Tor node to be an Exit Node, specially if you plan on opening ports beyond the default exit policy. Users who exit from your Tor node will be exiting from localhost unless you set OutboundBindAddress (which is a good idea). This means that applications who by default trust anyone coming from (localhost) will trust external users who are exiting from your Tor-server to your server.

Howto setup a Tor server

These are the basic settings you need to setup your Tor-node as a server:

File: /etc/tor/torrc
## This is required, but you can choose the port
ORPort 9001
DirPort 9030

## Required: A unique handle for this server. Choose one.
Nickname YourNickName

## The IP or fqdn for this server. Leave commented out and Tor will guess.
## This may be required, if tor cannot guess your public IP.
Address <your.public.ip>

OutboundBindAddress <your.public.ip>

## To limit your bandwidth usage, define this. Note that BandwidthRate
## must be at least 20 KB.
BandwidthRate 20 KB        # Throttle traffic to 20KB/s (160Kbps)
BandwidthBurst 50 KB       # But allow bursts up to 50KB/s (400Kbps)

## If you don't want to run an Exit Node, add this
#ExitPolicy reject *:* # middleman only -- no exits allowed

Note OutboundBindAddress. This is the IP Tor-users will be exiting your server from. This setting should also be set to your servers IP if it has a real IP (not behind a NAT firewall with something like, even if it only has one, because then anyone exiting from your server to your server will then be coming from that IP and not from (which they would if OutboundBindAddress is not set).

You do not need DirPort to run a server; this setting also makes your server a directory mirror (which also helps the Tor-network).

Setting your ExitPolicy

If you only want to be a middleman and not allow any exiting from your Tor server to the normal Internet then you only need:

File: /etc/tor/torrc
ExitPolicy reject	*:*

The default exit policy is:

File: /etc/tor/torrc
ExitPolicy reject	*:25
ExitPolicy reject	*:119
ExitPolicy reject	*:135-139
ExitPolicy reject	*:445
ExitPolicy reject	*:465
ExitPolicy reject	*:587
ExitPolicy reject	*:1214
ExitPolicy reject	*:4661-4666
ExitPolicy reject	*:6346-6429
ExitPolicy reject	*:6699
ExitPolicy reject	*:6881-6999
ExitPolicy accept	*:*

Add more ExitPolicy reject *:???? if you want to block outgoing connections to other ports (such as 22 and 3306).


Discontinued (outdated) Tor GUIs: