Recently I upgraded my home internet to 1 Gbps and also requested a static block of IPv6 addresses. It’s hard to believe how many hosts I could support with a /64 block: 18,446,744,073,709,551,616 (18 quintillion) unique IPs.
Special shout-out to CondoInternet.net for being such an awesome ISP. With my former 100 Mbps internet line, I transferred over 20 Terabytes a month with this Exit Router and they don’t care. I had emailed them over a year ago asking for their policy or opinion about Tor and they don’t have either, though I did pique the interest of my support representative who kindly responded to my emails.
The following was performed on my recently deployed Ubuntu 13.04 server x64 host.
First I added the following 5 lines to the bottom of my network interfaces config.
    sudo vim /etc/network/interfaces

    auto eth0
    iface eth0 inet static
        address 216.243.58.198
        netmask 255.255.###.###
        gateway 216.243.###.###
        broadcast 216.243.###.###
        dns-nameservers 8.8.8.8 8.8.4.4

    iface eth0 inet6 static
        pre-up modprobe ipv6
        address 2604:4080:110f:201::9001
        netmask 64
        gateway 2604:4080:####:###::####
I turned off the IPv6 Privacy Extension, which is on by default in recent versions of Ubuntu, since I’m not worried about my privacy for this static address being compromised by advertisers. However, I’m not sure if this is a necessary step for Tor routing.
    sudo vim /etc/sysctl.d/10-ipv6-privacy.conf

    net.ipv6.conf.all.use_tempaddr = 0
    net.ipv6.conf.default.use_tempaddr = 0
I had to update my /etc/tor/torrc file by adding three lines. As the Tor Project guides mention, at this time Tor can only support IPv6 incoming traffic, so I added an ORPort with a static address. Since the Tor Project recommends that Exit Routers that aren’t hosting encrypted web content via port 443 use this port for their ORPort, I changed my IPv4 ORPort to 443 to better support Tor users behind restrictive firewalls. In the future I will likely change my IPv6 ORPort to a similar, more accessible port.
- https://people.torproject.org/~linus/ipv6-relay-howto.html
- https://www.torproject.org/docs/tor-manual-dev.html.en
Additionally, I up’d my Relay Bandwidth Rate and Burst caps.
    ## Configuration file for a typical Tor user
    ## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
    ## (may or may not work for much older or much newer versions of Tor.)

    SocksPort 0
    Log notice file /var/log/tor/notices.log
    RunAsDaemon 1
    DataDirectory /var/lib/tor

    ################ This section is just for relays #####################

    ORPort 443
    ORPort [2604:4080:110f:201::9001]:9001
    ClientUseIPv6 1
    ClientPreferIPv6ORPort 1
    OutboundBindAddress 216.243.58.198
    Nickname YawnboxSeattle
    RelayBandwidthRate 16000 KB
    RelayBandwidthBurst 20000 KB
    ContactInfo Chris Sheats <yawnbox@gmail.com>
    DirPort 9030
    DirPortFrontPage /var/www/index.html

    ExitPolicy accept *:20-23 # FTP, SSH, telnet
    ExitPolicy accept *:43 # WHOIS
    ExitPolicy accept *:53 # DNS
    ExitPolicy accept *:79-81 # finger, HTTP
    ExitPolicy accept *:88 # kerberos
    ExitPolicy accept *:110 # POP3
    ExitPolicy accept *:119 # accept nntp as well as default exit policy
    ExitPolicy accept *:143 # IMAP
    ExitPolicy accept *:194 # IRC
    ExitPolicy accept *:220 # IMAP3
    ExitPolicy accept *:389 # LDAP
    ExitPolicy accept *:443 # HTTPS
    ExitPolicy accept *:464 # kpasswd
    ExitPolicy accept *:465 # smtps (SMTP over SSL)
    ExitPolicy accept *:531 # IRC/AIM
    ExitPolicy accept *:543-544 # Kerberos
    ExitPolicy accept *:554 # RTSP
    ExitPolicy accept *:563 # NNTP over SSL
    ExitPolicy accept *:636 # LDAP over SSL
    ExitPolicy accept *:706 # SILC
    ExitPolicy accept *:749 # kerberos
    ExitPolicy accept *:873 # rsync
    ExitPolicy accept *:902-904 # VMware
    ExitPolicy accept *:981 # Remote HTTPS management for firewall
    ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
    ExitPolicy accept *:1194 # OpenVPN
    ExitPolicy accept *:1220 # QT Server Admin
    ExitPolicy accept *:1293 # PKT-KRB-IPSec
    ExitPolicy accept *:1500 # VLSI License Manager
    ExitPolicy accept *:1533 # Sametime
    ExitPolicy accept *:1677 # GroupWise
    ExitPolicy accept *:1723 # PPTP
    ExitPolicy accept *:1755 # RTSP
    ExitPolicy accept *:1863 # MSNP
    ExitPolicy accept *:2082 # Infowave Mobility Server
    ExitPolicy accept *:2083 # Secure Radius Service (radsec)
    ExitPolicy accept *:2086-2087 # GNUnet, ELI
    ExitPolicy accept *:2095-2096 # NBX
    ExitPolicy accept *:2102-2104 # Zephyr
    ExitPolicy accept *:3128 # SQUID
    ExitPolicy accept *:3389 # MS WBT
    ExitPolicy accept *:3690 # SVN
    ExitPolicy accept *:4321 # RWHOIS
    ExitPolicy accept *:4643 # Virtuozzo
    ExitPolicy accept *:5050 # MMCC
    ExitPolicy accept *:5190 # ICQ
    ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
    ExitPolicy accept *:5228 # Android Market
    ExitPolicy accept *:5900 # VNC
    ExitPolicy accept *:6660-6669 # IRC
    ExitPolicy accept *:6679 # IRC SSL
    ExitPolicy accept *:6697 # IRC SSL
    ExitPolicy accept *:8000 # iRDMI
    ExitPolicy accept *:8008 # HTTP alternate
    ExitPolicy accept *:8074 # Gadu-Gadu
    ExitPolicy accept *:8080 # HTTP Proxies
    ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
    ExitPolicy accept *:8332-8333 # BitCoin
    ExitPolicy accept *:8443 # PCsync HTTPS
    ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
    ExitPolicy accept *:9418 # git
    ExitPolicy accept *:9999 # distinct
    ExitPolicy accept *:10000 # Network Data Management Protocol
    ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
    ExitPolicy accept *:19294 # Google Voice TCP
    ExitPolicy accept *:19638 # Ensim control panel
    ExitPolicy reject *:*
After updating my UFW (iptables) rules, I rebooted my host and everything works great!
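
A quick audit of the torrc above, as an added example that is not part of the original post: it lists the ORPort/DirPort listeners the host firewall has to admit and evaluates the ExitPolicy lines in order, first match wins, to confirm which destination ports the relay will exit to. The function names and the abbreviated sample are assumptions made for illustration; only the bare-port and `[IPv6]:port` listener forms and the `*:port` policy forms used on this page are handled.

```python
import re

# Abbreviated excerpt of the torrc shown above (most ExitPolicy lines omitted).
SAMPLE_TORRC = """\
ORPort 443
ORPort [2604:4080:110f:201::9001]:9001
DirPort 9030
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:989-995 # FTP over SSL, ...
ExitPolicy reject *:*
"""

def parse_torrc(text):
    """Return (keyword, value) pairs with comments and blank lines removed."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            pairs.append((key, value.strip()))
    return pairs

def inbound_listeners(pairs):
    """Listeners the firewall must admit: (option, address or '*', port)."""
    found = []
    for key, value in pairs:
        if key in ("ORPort", "DirPort"):
            m = re.fullmatch(r"(?:\[([0-9a-fA-F:]+)\]:)?(\d+)", value)
            if m:
                found.append((key, m.group(1) or "*", int(m.group(2))))
    return found

def exit_allows(pairs, port):
    """Walk ExitPolicy lines top to bottom; the first matching rule decides."""
    for key, value in pairs:
        if key != "ExitPolicy":
            continue
        action, _, pattern = value.partition(" ")
        ports = pattern.rsplit(":", 1)[1]   # address part is '*' on this page
        lo, _, hi = ports.partition("-")
        if ports == "*" or int(lo) <= port <= int(hi or lo):
            return action == "accept"
    return False  # assumption: this sketch treats an unmatched port as rejected

if __name__ == "__main__":
    cfg = parse_torrc(SAMPLE_TORRC)
    print(inbound_listeners(cfg))
    for p in (22, 25, 443, 993):
        print(p, "accept" if exit_allows(cfg, p) else "reject")
```

Run against the full /etc/tor/torrc, the listener list is what the UFW rules need to cover, and a port such as 25 (SMTP) should come back rejected because it only matches the final `reject *:*` rule.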