Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
> On 22 May 2016, at 11:30, Random Tor Node Operator wrote:
>
> On 05/22/2016 04:00 PM, Markus Koch wrote:
>> Yes, but how many ports do I have to open to be "useful"? In an
>> extreme case: Would it help just to forward port 80 and 433?
>
> I think the most spartanic Exit Policy is at the bottom of [1]:
>
> ExitPolicy accept *:53   # DNS
> ExitPolicy accept *:80   # HTTP
> ExitPolicy accept *:443  # HTTPS
> ExitPolicy reject *:*
>
> What is useful and what isn't is probably a matter of the eye of the
> beholder.
>
> In my opinion, a http/https/dns-only exit is surely still more useful
> than not exiting at all.

It's worth noting that Exits do DNS on behalf of clients that ask to connect to a domain name, regardless of whether the ExitPolicy includes port 53.
So port 53 is only useful for clients that want to run their own DNS over TCP, or use port 53 for something else.

Tim

Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
Port 6667 ... long time no see

thank you for the information!

markus

2016-05-22 16:10 GMT+02:00 Felix Eckhofer:
> Hey.
>
> On 22.05.2016 16:00, Markus Koch wrote:
>>
>> Yes, but how many ports do I have to open to be "useful"? In an
>> extreme case: Would it help just to forward port 80 and 433?
>
> It would still be useful and receive the "Exit" flag:
>
>    "Exit" -- A router is called an 'Exit' iff it allows exits to at
>    least two of the ports 80, 443, and 6667 and allows exits to at
>    least one /8 address space.
>
>  -- https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133
>
> felix
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
Hey.

On 22.05.2016 16:00, Markus Koch wrote:
> Yes, but how many ports do I have to open to be "useful"? In an
> extreme case: Would it help just to forward port 80 and 433?

It would still be useful and receive the "Exit" flag:

   "Exit" -- A router is called an 'Exit' iff it allows exits to at
   least two of the ports 80, 443, and 6667 and allows exits to at
   least one /8 address space.

 -- https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133

felix
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
2016-05-22 16:30 GMT+02:00 Random Tor Node Operator:
> On 05/22/2016 04:00 PM, Markus Koch wrote:
>> Yes, but how many ports do I have to open to be "useful"? In an
>> extreme case: Would it help just to forward port 80 and 433?
>
> I think the most spartanic Exit Policy is at the bottom of [1]:
>
> ExitPolicy accept *:53   # DNS
> ExitPolicy accept *:80   # HTTP
> ExitPolicy accept *:443  # HTTPS
> ExitPolicy reject *:*
>
> What is useful and what isn't is probably a matter of the eye of the
> beholder.
>
> In my opinion, a http/https/dns-only exit is surely still more useful
> than not exiting at all.

Good point. Stupid question: Do we know what services the users use most?
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
On 05/22/2016 04:00 PM, Markus Koch wrote:
> Yes, but how many ports do I have to open to be "useful"? In an
> extreme case: Would it help just to forward port 80 and 433?

I think the most spartanic Exit Policy is at the bottom of [1]:

ExitPolicy accept *:53   # DNS
ExitPolicy accept *:80   # HTTP
ExitPolicy accept *:443  # HTTPS
ExitPolicy reject *:*

What is useful and what isn't is probably a matter of the eye of the
beholder.

In my opinion, a http/https/dns-only exit is surely still more useful
than not exiting at all.
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
You can close port 22 by adding it to your exit policy. The syntax would be something like

ExitPolicy reject *:22

You should put this towards the top of the exit policy rules so it isn't overridden by other rules.

On May 22, 2016 8:34 AM, "Markus Koch" wrote:
> As I told you guys ITLDC.com kicked 3 of my exit servers last month.
> Just got 3 new ones, hosted by DigitalOcean, Hostwinds and soon
> virtualniserverlite.
>
> If things go wrong (and with my luck they will) how many and which
> ports do I have to forward to be useful as an exit node?
>
> eg: I get lots of abuse of port 22, can I close it and the TOR network
> will for itself find out that sending me ssh traffic is a bad idea?
>
> markus
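An added example, not part of the thread and not Tor's own code: a simplified Python model of the two points made in the replies, that exit policy rules are matched first to last (so `reject *:22` must come before a broader accept) and that the quoted "Exit" flag rule needs two of the ports 80, 443 and 6667. It assumes IPv4 or `*` addresses only, treats unmatched traffic as rejected, and approximates the "/8" condition by ignoring rules narrower than a /8; all function names and sample policies are constructed for illustration.

```python
import ipaddress

# Constructed sample policies; MINIMAL is the four-line policy quoted in the thread.
MINIMAL = """ExitPolicy accept *:53   # DNS
ExitPolicy accept *:80   # HTTP
ExitPolicy accept *:443  # HTTPS
ExitPolicy reject *:*"""
REJECT_FIRST = "ExitPolicy reject *:22\nExitPolicy accept *:*"
REJECT_LAST = "ExitPolicy accept *:*\nExitPolicy reject *:22"

def parse_policy(text):
    """Parse 'ExitPolicy accept|reject ADDR:PORT' lines (IPv4 or '*' only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        keyword, action, pattern = line.split()
        if keyword != "ExitPolicy" or action not in ("accept", "reject"):
            raise ValueError("unsupported line: " + line)
        addr, _, ports = pattern.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        lo, _, hi = ("1-65535" if ports == "*" else ports).partition("-")
        rules.append((action, net, int(lo), int(hi or lo)))
    return rules

def allows(rules, ip, port):
    """First matching rule wins; unmatched traffic is rejected (assumption)."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return False

def qualifies_for_exit_flag(rules):
    """Approximates the quoted rule: two of 80/443/6667, each to a /8 or wider."""
    def port_ok(port):
        for action, net, lo, hi in rules:
            if lo <= port <= hi and net.prefixlen <= 8:
                return action == "accept"
        return False
    return sum(port_ok(p) for p in (80, 443, 6667)) >= 2

if __name__ == "__main__":
    ip = "203.0.113.5"  # documentation address used as a constructed destination
    print(allows(parse_policy(REJECT_FIRST), ip, 22))  # reject listed first
    print(allows(parse_policy(REJECT_LAST), ip, 22))   # reject shadowed by accept *:*
    print(qualifies_for_exit_flag(parse_policy(MINIMAL)))
```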
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
Yes, but how many ports do I have to open to be "useful"? In an
extreme case: Would it help just to forward port 80 and 433?

2016-05-22 15:51 GMT+02:00 Random Tor Node Operator:
> I don't have any exit relays, but my understanding is that you should
> use torrc, and only torrc, to define which outgoing ports you want to be
> reachable.
>
> Do not block or otherwise interfere with anything which you allow in
> torrc, because that may get you the BadExit flag when discovered.
>
> A Reduced Exit Policy[1] may be what you are looking for.
>
> [1] https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
>
> On 05/22/2016 03:34 PM, Markus Koch wrote:
>> If things go wrong (and with my luck they will) how many and which
>> ports do I have to forward to be useful as an exit node?
>>
>> eg: I get lots of abuse of port 22, can I close it and the TOR network
>> will for itself find out that sending me ssh traffic is a bad idea?
Re: [tor-relays] New month, new TOR exit servers, need ELI5 pls
I don't have any exit relays, but my understanding is that you should
use torrc, and only torrc, to define which outgoing ports you want to be
reachable.

Do not block or otherwise interfere with anything which you allow in
torrc, because that may get you the BadExit flag when discovered.

A Reduced Exit Policy[1] may be what you are looking for.

[1] https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

On 05/22/2016 03:34 PM, Markus Koch wrote:
> If things go wrong (and with my luck they will) how many and which
> ports do I have to forward to be useful as an exit node?
>
> eg: I get lots of abuse of port 22, can I close it and the TOR network
> will for itself find out that sending me ssh traffic is a bad idea?
[tor-relays] New month, new TOR exit servers, need ELI5 pls
As I told you guys ITLDC.com kicked 3 of my exit servers last month.
Just got 3 new ones, hosted by DigitalOcean, Hostwinds and soon
virtualniserverlite.

If things go wrong (and with my luck they will) how many and which
ports do I have to forward to be useful as an exit node?

eg: I get lots of abuse of port 22, can I close it and the TOR network
will for itself find out that sending me ssh traffic is a bad idea?

markus