Project

General

Profile

Support #796

Install a TOR Exit Node on FreeBSD

Added by Daniel Curtis over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
The Onion Router (TOR)
Target version:
Start date:
04/10/2016
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:

Description

This is a simple guide for getting TOR setup as an exit node on FreeBSD 10.2.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade
    

Install TOR

  • Install TOR:
    pkg install tor
    
  • Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting:
    sysctl net.inet.ip.random_id=1
    
    • Reboot for it to take effect:
      reboot
      
  • Edit the TOR config file:
    vi /usr/local/etc/tor/torrc
    
    • And add/modify the following lines:
      ORPort 443
      Nickname ExampleNode
      RelayBandwidthRate 1024 KB
      RelayBandwidthBurst 1024 KB
      ContactInfo Bob User <bob@example.com>
      ExitPolicy accept *:20-23     # FTP, SSH, telnet
      ExitPolicy accept *:43        # WHOIS
      ExitPolicy accept *:53        # DNS
      ExitPolicy accept *:79-81     # finger, HTTP
      ExitPolicy accept *:88        # kerberos
      ExitPolicy accept *:110       # POP3
      ExitPolicy accept *:143       # IMAP
      ExitPolicy accept *:194       # IRC
      ExitPolicy accept *:220       # IMAP3
      ExitPolicy accept *:389       # LDAP
      ExitPolicy accept *:443       # HTTPS
      ExitPolicy accept *:464       # kpasswd
      ExitPolicy accept *:531       # IRC/AIM
      ExitPolicy accept *:543-544   # Kerberos
      ExitPolicy accept *:554       # RTSP
      ExitPolicy accept *:563       # NNTP over SSL
      ExitPolicy accept *:636       # LDAP over SSL
      ExitPolicy accept *:706       # SILC
      ExitPolicy accept *:749       # kerberos 
      ExitPolicy accept *:873       # rsync
      ExitPolicy accept *:902-904   # VMware
      ExitPolicy accept *:981       # Remote HTTPS management for firewall
      ExitPolicy accept *:989-995   # FTP over SSL, telnets, IMAP over SSL, etc
      ExitPolicy accept *:1194      # OpenVPN
      ExitPolicy accept *:1220      # QT Server Admin
      ExitPolicy accept *:1293      # PKT-KRB-IPSec
      ExitPolicy accept *:1500      # VLSI License Manager
      ExitPolicy accept *:1533      # Sametime
      ExitPolicy accept *:1677      # GroupWise
      ExitPolicy accept *:1723      # PPTP
      ExitPolicy accept *:1755      # RTSP
      ExitPolicy accept *:1863      # MSNP
      ExitPolicy accept *:2082      # Infowave Mobility Server
      ExitPolicy accept *:2083      # Secure Radius Service (radsec)
      ExitPolicy accept *:2086-2087 # GNUnet, ELI
      ExitPolicy accept *:2095-2096 # NBX
      ExitPolicy accept *:2102-2104 # Zephyr
      ExitPolicy accept *:3128      # SQUID
      ExitPolicy accept *:3389      # MS WBT
      ExitPolicy accept *:3690      # SVN
      ExitPolicy accept *:4321      # RWHOIS
      ExitPolicy accept *:4643      # Virtuozzo
      ExitPolicy accept *:5050      # MMCC
      ExitPolicy accept *:5190      # ICQ
      ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
      ExitPolicy accept *:5228      # Android Market
      ExitPolicy accept *:5900      # VNC
      ExitPolicy accept *:6660-6669 # IRC
      ExitPolicy accept *:6679      # IRC SSL  
      ExitPolicy accept *:6697      # IRC SSL  
      ExitPolicy accept *:8000      # iRDMI
      ExitPolicy accept *:8008      # HTTP alternate
      ExitPolicy accept *:8074      # Gadu-Gadu
      ExitPolicy accept *:8080      # HTTP Proxies
      ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
      ExitPolicy accept *:8332-8333 # BitCoin
      ExitPolicy accept *:8443      # PCsync HTTPS
      ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
      ExitPolicy accept *:9418      # git
      ExitPolicy accept *:9999      # distinct
      ExitPolicy accept *:10000     # Network Data Management Protocol
      ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
      ExitPolicy accept *:12350     # Skype
      ExitPolicy accept *:19294     # Google Voice TCP
      ExitPolicy accept *:19638     # Ensim control panel
      ExitPolicy accept *:23456     # Skype
      ExitPolicy accept *:33033     # Skype
      ExitPolicy reject *:*
      
  • Start and enable TOR at boot:
    echo 'tor_enable="YES"' >> /etc/rc.conf
    echo 'tor_user="root"' >> /etc/rc.conf
    service tor start
    
    • NOTE: This guide configures the ORPort on 443, so the tor user must be set to root to work properly.
  • Fix the permissions of the TOR database directory:
    chown -R root /var/db/tor
    
  • It is also a good idea to sign up to the tor-announce and tor-relay mailing lists for questions and announcement information.

Resources

#1

Updated by Daniel Curtis over 8 years ago

  • Description updated (diff)
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
#2

Updated by Daniel Curtis over 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF