earthpeople

Trying to configure a Tor "Middle Man" relay through iptables.rules and torrc


Hello and thank you in advance for any help with this. I have never run a Tor relay before, but I would like to try to enable a "middle-man" relay through my VPN connection if it is possible.

 

I am trying to configure the Tor "middle-man" relay using my /etc/tor/torrc file and iptables.rules file. (I have not edited the TBB torrc)

 

My torrc is configured like this below:

AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion
SocksPort 9050
TransPort 9040
DNSPort 9053

##Tor-middleman

Nickname ************(my secret name)
ORPort 9001
DirPort 9030
BandwidthRate 256 KB # Throttle traffic to 256 KB/s
BandwidthBurst 4096 KB # But allow bursts up to 4096 KB
ExitPolicy reject *:*


 

and my current iptables.rules that work with AirVPN and TBB/Tor/Privoxy are:

 

$ iptables -L -n --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1               icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8 recent: SET name: ping_limiter side: source mask: 255.255.255.255
2    DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8 recent: UPDATE seconds: 4 hit_count: 6 name: ping_limiter side: source mask: 255.255.255.255
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7    UDP        udp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
8    TCP        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 ctstate NEW
9    REJECT     udp  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
10   REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
11   REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-proto-unreachable

Chain FORWARD (policy DROP)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain TCP (1 references)
num  target     prot opt source               destination         

Chain UDP (1 references)
num  target     prot opt source               destination


-----------------------------------------------------------------------------


$ iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination     
      

 

 

If there is an easy way to do this then please let me know what I should do with ports-forward, iptables.rules, and torrc.

 

thanks.

 

-------------------------------------------------------------------

 

EDITED: I decided to edit this because I added too much confusing info.

 

So to keep things simple, I don't know if I need ports forwarded or if I just need some new iptables rules to make things work. (or both)

 

Currently my Tor Browser Bundle (TBB) works on port 9150 and 9151 over my VPN connection and so does my Tor/Privoxy connection using Socks4a for port 9050 and 8118. When running both Tor instances I have 6 EntryGuards to start. When I configure the "middle-man" relay in my Linux /etc/tor/torrc file I get about 20-80 more ESTABLISHED connections with the original 6 ESTABLISHED EntryGuards. But after a few minutes I only have the original 6 EntryGuards as ESTABLISHED connections when using the netstat command.
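
The posted ruleset hands NEW inbound TCP to the TCP chain, which is empty, so the relay's ORPort and DirPort can be checked against it. The script below is an added example, not part of the original post: it parses torrc text and `iptables -L -n` text and lists relay ports that have no ACCEPT rule in the TCP chain. Function names are hypothetical, the sample data is constructed from the post's values, and it assumes INPUT rule 5 is an interface-restricted accept (the listing without `-v` does not show interfaces); it checks only the local firewall, not VPN port forwarding.

```shell
# Added example. Sample data is constructed from the values shown in the post.
TORRC_SAMPLE='SocksPort 9050
ORPort 9001
DirPort 9030
ExitPolicy reject *:*'

# Excerpt of `iptables -L -n --line-numbers` as posted: the TCP chain is empty.
RULES_AS_POSTED='Chain INPUT (policy DROP)
num  target     prot opt source               destination
8    TCP        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 ctstate NEW
10   REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset

Chain TCP (1 references)
num  target     prot opt source               destination'

# Constructed: the same listing after an ACCEPT for the ORPort was appended.
RULES_PARTIAL="$RULES_AS_POSTED
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9001"

# Print the port of every ORPort/DirPort line in torrc text read from stdin.
relay_ports() {
  awk '$1 == "ORPort" || $1 == "DirPort" {
         n = $2; sub(/^.*:/, "", n)            # accept the address:port form
         if (n ~ /^[0-9]+$/ && n + 0 > 0) print n
       }'
}

# Print each single-port TCP ACCEPT (dpt:N) in chain $1 of a listing on stdin.
accepted_tcp_ports() {
  awk -v chain="$1" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && /ACCEPT/ && / tcp / && match($0, /dpt:[0-9]+/) {
      print substr($0, RSTART + 4, RLENGTH - 4)
    }'
}

# $1 = torrc text, $2 = listing text; print relay ports the TCP chain lacks.
missing_relay_ports() {
  open=$(printf '%s\n' "$2" | accepted_tcp_ports TCP)
  missing=""
  for p in $(printf '%s\n' "$1" | relay_ports); do
    printf '%s\n' "$open" | grep -qx "$p" || missing="$missing $p"
  done
  printf '%s\n' "${missing# }"
}
# Show, without running them, the rules that would open the missing ports.
for p in $(missing_relay_ports "$TORRC_SAMPLE" "$RULES_AS_POSTED"); do
  echo "iptables -A TCP -p tcp --dport $p -j ACCEPT"
done
```

Rules written with `-m multiport` appear as `dports` in the listing and are not matched by this check.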
