So, after reading Gunnar's blog post about how he configured a Tor node using his "Cubox-i4Pro" I decided to try and setup one using the MinnowBoard MAX and the installation of Debian done previously accepting the "Tor Challenge".
Once you have your GNU/Linux distribution installed/configured the way you want (and needed to setup the TOR node), this is what I have in the configuration file:
Tor Configuration File (torrc):
SocksPort 0
ORPort 9001
Nickname ididnteditheconfig
RelayBandwidthRate 640 KB
RelayBandwidthBurst 640 KB
ContactInfo Random Person
ExitPolicy reject *:*
BridgeRelay 1
DisableDebuggerAttachment 0
SocksPort 0
ORPort 9001
Nickname ididnteditheconfig
RelayBandwidthRate 640 KB
RelayBandwidthBurst 640 KB
ContactInfo Random Person
ExitPolicy reject *:*
BridgeRelay 1
DisableDebuggerAttachment 0
Like Gunnar, I ended with an "exit relay" instead of a "bridge relay", so I had to modify the configuration file accordingly. Please, do not do a "copy & paste" (at least not entirely) of what I wrote here.
You need to configure the "Relay*" parameters based on the available bandwith that you plan to share And you have to setup the iptables rules too, this is what I have (I'm forced to use NAT):
You need to configure the "Relay*" parameters based on the available bandwith that you plan to share And you have to setup the iptables rules too, this is what I have (I'm forced to use NAT):
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -d your.ip.here --dport 9001 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 123 -j ACCEPT
#Allow ICMP
-A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -s your.ip.here --sport 9001 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -j ACCEPT
-A FORWARD -j DROP
COMMIT
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -d your.ip.here --dport 9001 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 123 -j ACCEPT
#Allow ICMP
-A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -s your.ip.here --sport 9001 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -j ACCEPT
-A FORWARD -j DROP
COMMIT
Here's a snapshot of the last days:
If you accept the challenge, please take your time and read carefully all the documentation, do not setup a Tor node if you're not the owner of the hardware, you better setup a "bridge relay" if you plan to share the bandwith from your home, if you are allowed to install the Tor node from your job/collegue, then you should configure a relay exit.
No hay comentarios.:
Publicar un comentario