Customize

Show your solidarity: how to setup a TOR relay via GUI

Discussion in 'Keeping Your Anonymity In Iran' started by echo-IRAN, Jun 18, 2009.

  1. echo-IRAN Member

    TOR may not be the best solution in Iran for all cases, but it's something everybody having a broadband connection can do. You can show your solidarity by becoming a relay in a few simple steps. There are about 1,600 relays so everybody counts. A more responsive TOR service will also reduce the load on other similar proxy services.

    It is not obvious that TOR does not need any installation or configuration, or very little in the case of setting up a relay. This is true even if you have firewalls, routers, or needing proxies to access the outside world. All can be done via the GUI for most people, using point and click only, both for Windows and Mac versions. There are other documentations on the official website and elsewhere. This one is specifically for someone new to TOR wanting to run a relay.

    If you are new to TOR, or need a very safe way to access the Internet, you are better off downloading the portable version with Firefox browser bundled and pre-configured. The whole 12 Mb can be placed on a USB drive, needing no installation, leaving no trace on the computer(?), probably good enough for cybercafes in China.

    To setup a TOR relay, you need the Windows installation version (or Mac) bundled with Vidalia. If you want to use TOR at the same time, you may want to use a newer development version that support country codes, see here. After installation, TOR should be working even behind a firewall/router, and Vidalia would be fired up.

    tor+38.jpg

    To setup a relay, click on setup relaying of course.

    tor+39.jpg

    Check "relay traffic for TOR". You just need to pick your nickname, leaving others default. The relay directory contains all the relay IP's (<2000) for TOR clients to find. It does not take up much resources to mirror it unless you have a bare bone computer. If you are behind a plug-and-play firewall/router (most consumer types are), you can try auto config port forwarding and test it.

    Instead of, not in addition to, relay traffic, you many want to "help censored users" by becoming a TOR bridge. According to TOR documentation, bridges with unpublished IP's only connect users to and from TOR relays, when their published IP's are being blocked. If you have friends, you send them your bridge address and you can act as a reliable and trusted entry point to the TOR system. But a bridge do not help to speed up TOR, which is equally shared by all users in the system, because by design you can't block someone more than the others. Your unpublished bridge address will also be automatically send to someone in need, see here.

    In the Iran case, because ISP's may be blocking 443, one TOR people commented that "anything but 443". Anything higher than say 10000 for both ports will be OK. But for public relays, the usual pick is 9001 for the Relay Port and 9030 for the Dir Port. It's a matter of not standing out from the pool.

    tor+40.jpg

    If you have broadband DLS or Cable, the upload speed is usually greater than 1.5 Mbps. You can test it at the many speed test websites. You can pick a smaller value to limit the bandwidth you contribute.

    tor+43.jpg

    The most important choice is the exit policy. If you do not check any, you are a non-exit relay. Your IP will not be exposed to any Internet services that other TOR clients use. But still you have useful contribution to the internal routing to make other users untraceable (not absolutely). The most contribution will be of course to allow ordinary websites and SSL (for login's etc). A anonymous and secure connection needs 3 nodes, the last one being the exit node.

    http://4.bp.blogspot.com/_sCWxwrLI9Kg/Sjpg0miVsDI/AAAAAAAAAAM/ioB_CCqbdrc/s320/tor+42.jpg

    If everything is working well, you can see traffic on the Bandwidth Graph, while you are not doing anything. And your relay and status will appear on the master list if you are up enough.

    If you are behind some corporate firewalls, you may need to go to the Network tap to set your proxy to the outside world, or use some other ports that are not blocked.

    Security issues

    By being a Relay, your IP will be listed in the TOR master directory. I don't think it's any riskier than setting up a proxy and giving your IP to some trusted persons for specific purposes - I would assume my IP will leak to the public in the worst case.

    From IP addresses, your ID can be traced by court order issued to your ISP. Your ISP should be doing a fairly good job to protect access to your ID, otherwise exodus will ensure.

    If you are an Exit Relay, your IP will automatically be banned by Wikipedia from editing, and you will need extra verification in google to proof that you are not a robot. According to TOR, for many years, so far there is no person getting in trouble with the law, and the Electronic Frontier Foundation is ready to represent you or help you in other countries. The good thing is that, TOR is so well known that you will not be liable for anything you do yourself.

    If you are a Bridge Relay, your IP is not published, but I suppose it is listed in some internal directories and automatically issued to people who ask for it via the TOR people.

    If your IP is dynamically assigned via DHCP, most ISPs are, you can can change your IP at will. If you have a firewall/router, do a DHCP release. If you are directly connected to your cable/dsl modem, in Windows XP

    1. Select Run... from the Start menu.
    2. Enter cmd in the dialog box and click OK
    3. Type ipconfig /release in the Command Prompt window and press Enter. You should get a message telling you that the IP address was successfully released.

    Turn off your modem for a couple of hours to overnight. Turn it back on. Do a DHCP renew on your firewill/router. Or if you are directly connected, do ipconfig /renew. You should have a new IP if your modem is off long enough.

    Your computer should be protected by a firewall box, or a soft firewall, or both. Even if you IP is not public listed in TOR, your ports are likely being scanned many times over every day.

    To use TOR yourself, see here. Country code information here.
  2. Or rent a cheap server

    To avoid some problems and get higher speeds, you can also rent a cheap server and set it up as a tor relay.
    I just found a very cheap offer (only 10U$/month, no setup fee, unmetered bandwidth) and it works like a charm.
    If someone is interested I can post a quick howto/recommendations.
  3. acting as a proxy help

    so I have checked the "Help Censored users" box

    I assume that is how I setup a tor proxy, is it then my IP that I share as a proxy? what port do I tell them to use?
  4. echo-IRAN Member

    The "Help censored users" box is to setup a TOR bridge if TOR itself is blocked. In this case you have to send your bridge address to somebody who needs it. I hear no feedback about this.

    Otherwise, "to relay traffic" is to become a TOR relay, and TOR itself is a big reliable proxy. You don't need to do anything else as your relay will be in the master list. At the same time, you cannot be a bridge and an exit relay, which is more desirable.
  5. thanks for the info
  6. thanks

    thanks for the info, im glad i could have done something to help
  7. can someone explain the difference between an exit and non-exit relay? My understanding, it seems, is that being a non-exit relay you're just passing information along to another relay without actually going to destination sites themselves?
  8. That's right, non-exit you only are a tube without exit, you're just "passing" info.

    You can set up an exit relay and limit access to websites and securised websites (the 2 most important options).
  9. An exit-node is similar to an ordinary proxy - the visited website see the node's IP instead of the surfer's IP. Therefore you can choose not to be an exit node so your IP will never be exposed to any websites or services. Each connection in TOR has a chain of several nodes to provide anonymity, so nobody knows everything. The node that knows your IP do not know where you are visiting nor the content of it. The exit node do not know who you are and where the request comes from. The middle node(s) mash up traffic to make it untraceable. Something like that ...
  10. Ver Greeneyes Member

    Guys, does it matter if you have the latest geoip file? I just got the latest one and cut it using cygwin, I could share it here if you're interested.
  11. What is the use of geoip ? Do we really need it ?
  12. Ver Greeneyes Member

    I presume it helps Tor prioritize places with a lot of censoring. The alpha bundle includes a copy from April, and it displays an error in the message log if you don't have it. I'm no expert though, if anyone here's in the know I'd appreciate a detailed explanation :)

    I know you can also set it up to connect to only specific ranges of IP addresses but I haven't had any luck with this in the past. Even if we could prioritize Iran, it's probably better to let the network balance itself out - every connection helps.
  13. Okay I understand. I don't have the file and sometimes TOR asks for it.

    It would be nice to prioritize Iran cause right now I don't know if I'm helping Iranians or a sucker in the USA (Pease USA).
  14. Ver Greeneyes Member

    Oh well, regardless of how it works, if anyone is interested here it is. For Windows, place it in %AppData%\tor (if you type %AppData% into an address bar in Explorer it'll extend automatically to something like C:\Users\[username]\AppData\Roaming depending on your version of windows)
  15. echo-IRAN Member

    country codes

    I got it and tried it. It's a way for TOR users to pick Relays for a secure connection, but not the other way round, it seems. See TOR sticky.
  16. casey-IRAN Member

    Setting up port mapping

    Hi, I have an Airport Express base station that I use for my network. I've been scouring the net looking for instructions on how to open the ports that Vidalia needs to run properly but I can't figure it out. Can someone please post a rundown of how to get an Airport Express network open for Tor use?

    Thank you.
  17. Anonymous Member

    Will setting up relays on multiple machines that use the same connection/router help?
  18. echo-IRAN Member

    Because you have 1 external IP, I guess port forwarding probly wont' work if you have two TOR. And one TOR can probly use up the bandwidth.
  19. echo-IRAN Member

  20. BadMojo Member

    Finally setup a Tor relay. Thanks to everyone on #irantech for their help.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins