Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

2016-09-04 Thread Kenneth Freeman


On 09/03/2016 05:35 PM, jensm1 wrote:
> I agree with everything Matt said.
> 
> A good rule of thumb for tor configuration is "leave everything at
> default, unless you've got a reason to change it".

I concur. Generally speaking you really don't have to get under the hood
much. Tor's ready to roll right out of the chute!



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

2016-09-03 Thread jensm1
I agree with everything Matt said.

A good rule of thumb for tor configuration is "leave everything at
default, unless you've got a reason to change it".

Also keep in mind that configuration files (and especially their
comments) are mostly about what you CAN do, not what you SHOULD do.

Regarding the control port: I think you don't need it at all, unless
you're doing something unusual or don't have ssh access to the computer
tor is running on. If both run on the same machine, arm is doing fine
with just the (unix) control socket.

Regarding the exit settings:
Is this relay running on a computer at your home, Daniel? Is there other
important stuff stored/running on that computer? If the answer to AT
LEAST ONE of those two questions is yes, you should definitely set
"ExitRelay 0" and "ExitPolicy reject *:*".
Actually, you should set this regardless of the answers, unless you
know exactly what it means to run an exit relay and are willing and
prepared to do this.


Jens


On 03.09.2016 at 22:18, Matt Traudt wrote:
> Daniel Boone
>
> I missed your SOCKS question.
>
> If you do not intend to directly use this Tor instance to access the Tor
> network, you should leave the SocksPort as it was. By default Tor only
> listens on localhost:9050 (as the documentation indicates). Therefore,
> even if you *do* intend to use this Tor instance to access the Tor
> network, by default you can already point your applications towards
> localhost:9050.
>
> So in most cases, this option can be left alone so the default
> configuration can do its thing. Either you won't use the SOCKS proxy and
> it is harmlessly listening on localhost anyway, or you are like most
> people and don't need it to listen on non-localhost non-9050. For either
> case, the default behavior is fine.
>
> Hope this helps.
>
> Matt
>
> On 09/03/2016 03:55 PM, daniel boone wrote:
>> I got a couple of questions to ask on the torrc file and I hope one of
>> you will direct me.
>>
>> Ok here we go. I got it working as a relay which I can see in the
>> terminal. I just started so it is still testing bandwidth, but this is
>> not my question.
>>
>> 1. On line 18 of mine it is about Socks. I was reading in the man pages
>> on this. It was #Socksport 9050. Per the man pages I took out the
>> comment and placed as "+" per the page. So now it is *+SOCKSPort 9050 #
>> Default: Bind to localhost:9050 for local connections.*


Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

2016-09-03 Thread Matt Traudt
Daniel Boone

I missed your SOCKS question.

If you do not intend to directly use this Tor instance to access the Tor
network, you should leave the SocksPort as it was. By default Tor only
listens on localhost:9050 (as the documentation indicates). Therefore,
even if you *do* intend to use this Tor instance to access the Tor
network, by default you can already point your applications towards
localhost:9050.

So in most cases, this option can be left alone so the default
configuration can do its thing. Either you won't use the SOCKS proxy and
it is harmlessly listening on localhost anyway, or you are like most
people and don't need it to listen on non-localhost non-9050. For either
case, the default behavior is fine.

Hope this helps.

Matt

On 09/03/2016 03:55 PM, daniel boone wrote:
> I got a couple of questions to ask on the torrc file and I hope one of
> you will direct me.
>
> Ok here we go. I got it working as a relay which I can see in the
> terminal. I just started so it is still testing bandwidth, but this is
> not my question.
>
> 1. On line 18 of mine it is about Socks. I was reading in the man pages
> on this. It was #Socksport 9050. Per the man pages I took out the
> comment and placed as "+" per the page. So now it is *+SOCKSPort 9050 #
> Default: Bind to localhost:9050 for local connections.*


Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

2016-09-03 Thread Matt Traudt
Daniel Boone

The answers to your questions depend on what you want to do.

> Log options

If you leave them all commented, by default you'll get 'Log notice file
/var/log/tor/log'. This is probably what you want unless you're
debugging some issue.

> ControlPort 9051

I'm **pretty sure** this is just for tools like arm. This should
probably not be forwarded at your router, as you'll probably just run
arm on the same machine as Tor.

Other people, please correct me if I'm wrong about ControlPort's purpose.

> RelayBandwidthRate, RelayBandwidthBurst

Only set this if you want to limit the bandwidth you advertise. Leave
them commented if you want Tor to use as much bandwidth as possible.

> Accounting

Only set these options if you can only transfer so much data in a given
time period. For example, some VPS providers may only give you 1 TB of
total upload/download bandwidth in a month. You would then use the
accounting options to make sure you do not go above that.

> Exit policy

Do you want to be an exit relay, or don't you? If you want to be an
exit, then set ExitRelay to 1 like it suggests, then use the ExitPolicy
options to set the rules you would like. This[1] is a good place to
start if you would like to be an exit but avoid as many abuse complaints
as possible.

If you do not want to be an exit relay, set ExitRelay to 0. For good
measure, also make the only ExitPolicy option equal to "reject *:*"

[1]: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

I hope this is helpful to you.

Matt

On 09/03/2016 03:55 PM, daniel boone wrote:
> I got a couple of questions to ask on the torrc file and I hope one of
> you will direct me.
>
> Ok here we go. I got it working as a relay which I can see in the
> terminal. I just started so it is still testing bandwidth, but this is
> not my question.
>
> 1. On line 18 of mine it is about Socks. I was reading in the man pages
> on this. It was #Socksport 9050. Per the man pages I took out the
> comment and placed as "+" per the page. So now it is *+SOCKSPort 9050 #
> Default: Bind to localhost:9050 for local connections.*
>
> Ok, lines 37-44
>  
> *## Send all messages of level 'notice' or higher to
> /var/log/tor/notices.log
> #Log notice file /var/log/tor/notices.log
> ## Send every possible message to /var/log/tor/debug.log
> #Log debug file /var/log/tor/debug.log
> ## Use the system log instead of Tor's logfiles
> #Log notice syslog
> ## To send all messages to stderr:
> #Log debug stderr*
>  
> At one time I had the 2nd one uncommented and I did get a log file in
> the /var/tor/log file. I'm not running the tor-browser pkg, I am just
> running tor thru the terminal to be straight.
> If I would run the say tor-browser pkg from synaptic and I do have
> installed, but I just can't tell for sure if the relay is working that
> way. This way in terminal I can but also can not use the browser.
> Should I have the 2nd one uncommented?
>
> Lines 55-61 I do have the ControlPort uncommented and it does show it
> connects to all ports. Took me a bit to get the partitions active thru
> the modem/router. Never had to do that before. I just used the standard
> ports that it had on it till the other day.
> Line 57, like I said, I have uncommented and also line 61 for the hash
> control.
>  
> *ControlPort 9051
> ## If you enable the controlport, be sure to enable one of these
> ## authentication methods, to prevent attackers from accessing it.
> HashedControlPassword*
>  
> OrPort is uncommented and set to the port line 84.
>
> On line 109 it is speaking of the bandwidth; I have it uncommented.
>
> *RelayBandwidthRate 100 KBytes   #Throttle traffic to 100KB/s (800Kbps)
> #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)*
>
> This one here blows my mind. Lines 103-122 what throws me in the
> terminal it shows it's in hibernation
>
> Here this from the torrc file not to throw anyone off.
>  
> *## Define these to limit how much relayed traffic you will allow. Your
> ## own traffic is still unthrottled. Note that RelayBandwidthRate must
> ## be at least 20 kilobytes per second.
> ## Note that units for these config options are bytes (per second), not
> ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
> ## 2^20, etc.
> RelayBandwidthRate 100 KBytes   #Throttle traffic to 100KB/s (800Kbps)
> #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)*
> *## Use these to restrict the maximum traffic per day, week, or month.
> ## Note that this threshold applies separately to sent and received bytes,
> ## not to their sum: setting "40 GB" may allow up to 80 GB total before
> ## hibernating.
> ##
> ## Set a maximum of 40 gigabytes each way per period.*
> line 118*  AccountingMax 20 GBytes
> ## Each period starts daily at midnight (AccountingMax is per day)*
> line 120*AccountingStart day 00:00
> ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
> ## is per month)
> 

Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

2016-09-03 Thread daniel boone
 

I got a couple of questions to ask on the torrc file and I hope one of you will direct me.

Ok here we go. I got it working as a relay which I can see in the terminal. I just started so it is still testing bandwidth, but this is not my question.

1. On line 18 of mine it is about Socks. I was reading in the man pages on this. It was #Socksport 9050. Per the man pages I took out the comment and placed as "+" per the page. So now it is +SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.

Ok, lines 37-44

## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

At one time I had the 2nd one uncommented and I did get a log file in the /var/tor/log file. I'm not running the tor-browser pkg, I am just running tor thru the terminal to be straight.

If I would run the say tor-browser pkg from synaptic and I do have installed, but I just can't tell for sure if the relay is working that way. This way in terminal I can but also can not use the browser.

Should I have the 2nd one uncommented?

Lines 55-61 I do have the ControlPort uncommented and it does show it connects to all ports. Took me a bit to get the partitions active thru the modem/router. Never had to do that before. I just used the standard ports that it had on it till the other day.

Line 57, like I said, I have uncommented and also line 61 for the hash control.

ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
HashedControlPassword

OrPort is uncommented and set to the port line 84.

On line 109 it is speaking of the bandwidth; I have it uncommented.

RelayBandwidthRate 100 KBytes   #Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)

This one here blows my mind. Lines 103-122 what throws me in the terminal it shows it's in hibernation

Here this from the torrc file not to throw anyone off.

## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 kilobytes per second.
## Note that units for these config options are bytes (per second), not
## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
## 2^20, etc.
RelayBandwidthRate 100 KBytes   #Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)

## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "40 GB" may allow up to 80 GB total before
## hibernating.
##
## Set a maximum of 40 gigabytes each way per period.
line 118  AccountingMax 20 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
line 120 AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00

Line 118: you see I have mine set at 20G, but it was at 40GB. Is that a good setting?

Line 120: what do you do with that one?

DirPort I do not have uncommented for a caution from the man page.

Lines 186-190

#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
line 190 ExitPolicy reject *:25  #no exits allowed

The man pages suggested that number

This is from my Terminal

If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.

I am a little foggy on that one. Can someone please set me straight on my questions?

tks

-db-
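
Added example, not part of the original message and not code from the Tor project: a small Python check of the active torrc lines quoted above against the advice in the replies for a non-exit relay (ExitRelay 0, ExitPolicy reject *:*, Socks and Control ports left on localhost). The function names and the HashedControlPassword placeholder value are assumptions made for illustration.

```python
# Constructed sample: the active torrc lines quoted in the message above.
# The HashedControlPassword value is a placeholder, not a real hash.
SAMPLE_TORRC = """\
+SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
ControlPort 9051
HashedControlPassword 16:PLACEHOLDER
AccountingMax 20 GBytes
AccountingStart day 00:00
ExitPolicy reject *:25  #no exits allowed
"""
# The same file with the exit settings recommended in the replies.
HARDENED_TORRC = SAMPLE_TORRC.replace(
    "ExitPolicy reject *:25  #no exits allowed",
    "ExitRelay 0\nExitPolicy reject *:*")

LOCAL = ("127.0.0.1", "localhost", "[::1]", "unix")

def parse_torrc(text):
    """Return {lowercased option: [values]} for active lines, comments removed."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lstrip("+")
        if line:
            key, *rest = line.split(None, 1)
            opts.setdefault(key.lower(), []).append(rest[0] if rest else "")
    return opts

def audit_non_exit(text):
    """List deviations from a non-exit relay with local-only Socks/Control ports."""
    opts, findings = parse_torrc(text), []
    if opts.get("exitrelay", [""])[-1] != "0":
        findings.append("ExitRelay is not 0")
    # Rules are matched in order, so "reject *:25" only blocks port 25.
    rules = [" ".join(r.split()) for v in opts.get("exitpolicy", [])
             for r in v.split(",")]
    if rules != ["reject *:*"]:
        findings.append("ExitPolicy is not exactly 'reject *:*'")
    for name in ("socksport", "controlport"):
        for value in opts.get(name, []):
            addr = (value.split() or [""])[0].rpartition(":")[0]
            if addr and addr not in LOCAL:
                findings.append(f"{name} listens on non-local address {addr}")
    return findings

if __name__ == "__main__":
    for label, conf in (("quoted", SAMPLE_TORRC), ("hardened", HARDENED_TORRC)):
        print(label, audit_non_exit(conf))
```

The quoted configuration yields two findings (ExitRelay unset, ExitPolicy only rejecting port 25); the hardened variant yields none.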
