Support #796

Install a TOR Exit Node on FreeBSD

Added by Daniel Curtis about 8 years ago. Updated about 8 years ago.

Status: Closed
Priority: Normal
Category: The Onion Router (TOR)
Start date: 04/10/2016
% Done: 100%
Estimated time: 0.50 h

Description

This is a simple guide for getting TOR set up as an exit node on FreeBSD 10.2.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade
    

Install TOR

  • Install TOR:
    pkg install tor
    
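  • Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting the following, and adding it to /etc/sysctl.conf so that it persists across reboots:
    sysctl net.inet.ip.random_id=1
    echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf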
    
    • Reboot for it to take effect:
      reboot
      
  • Edit the TOR config file:
    vi /usr/local/etc/tor/torrc
    
    • And add/modify the following lines:
      ORPort 443
      Nickname ExampleNode
      RelayBandwidthRate 1024 KB
      RelayBandwidthBurst 1024 KB
      ContactInfo Bob User <bob@example.com>
      ExitPolicy accept *:20-23     # FTP, SSH, telnet
      ExitPolicy accept *:43        # WHOIS
      ExitPolicy accept *:53        # DNS
      ExitPolicy accept *:79-81     # finger, HTTP
      ExitPolicy accept *:88        # kerberos
      ExitPolicy accept *:110       # POP3
      ExitPolicy accept *:143       # IMAP
      ExitPolicy accept *:194       # IRC
      ExitPolicy accept *:220       # IMAP3
      ExitPolicy accept *:389       # LDAP
      ExitPolicy accept *:443       # HTTPS
      ExitPolicy accept *:464       # kpasswd
      ExitPolicy accept *:531       # IRC/AIM
      ExitPolicy accept *:543-544   # Kerberos
      ExitPolicy accept *:554       # RTSP
      ExitPolicy accept *:563       # NNTP over SSL
      ExitPolicy accept *:636       # LDAP over SSL
      ExitPolicy accept *:706       # SILC
      ExitPolicy accept *:749       # kerberos 
      ExitPolicy accept *:873       # rsync
      ExitPolicy accept *:902-904   # VMware
      ExitPolicy accept *:981       # Remote HTTPS management for firewall
      ExitPolicy accept *:989-995   # FTP over SSL, telnets, IMAP over SSL, etc
      ExitPolicy accept *:1194      # OpenVPN
      ExitPolicy accept *:1220      # QT Server Admin
      ExitPolicy accept *:1293      # PKT-KRB-IPSec
      ExitPolicy accept *:1500      # VLSI License Manager
      ExitPolicy accept *:1533      # Sametime
      ExitPolicy accept *:1677      # GroupWise
      ExitPolicy accept *:1723      # PPTP
      ExitPolicy accept *:1755      # RTSP
      ExitPolicy accept *:1863      # MSNP
      ExitPolicy accept *:2082      # Infowave Mobility Server
      ExitPolicy accept *:2083      # Secure Radius Service (radsec)
      ExitPolicy accept *:2086-2087 # GNUnet, ELI
      ExitPolicy accept *:2095-2096 # NBX
      ExitPolicy accept *:2102-2104 # Zephyr
      ExitPolicy accept *:3128      # SQUID
      ExitPolicy accept *:3389      # MS WBT
      ExitPolicy accept *:3690      # SVN
      ExitPolicy accept *:4321      # RWHOIS
      ExitPolicy accept *:4643      # Virtuozzo
      ExitPolicy accept *:5050      # MMCC
      ExitPolicy accept *:5190      # ICQ
      ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
      ExitPolicy accept *:5228      # Android Market
      ExitPolicy accept *:5900      # VNC
      ExitPolicy accept *:6660-6669 # IRC
      ExitPolicy accept *:6679      # IRC SSL  
      ExitPolicy accept *:6697      # IRC SSL  
      ExitPolicy accept *:8000      # iRDMI
      ExitPolicy accept *:8008      # HTTP alternate
      ExitPolicy accept *:8074      # Gadu-Gadu
      ExitPolicy accept *:8080      # HTTP Proxies
      ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
      ExitPolicy accept *:8332-8333 # BitCoin
      ExitPolicy accept *:8443      # PCsync HTTPS
      ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
      ExitPolicy accept *:9418      # git
      ExitPolicy accept *:9999      # distinct
      ExitPolicy accept *:10000     # Network Data Management Protocol
      ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
      ExitPolicy accept *:12350     # Skype
      ExitPolicy accept *:19294     # Google Voice TCP
      ExitPolicy accept *:19638     # Ensim control panel
      ExitPolicy accept *:23456     # Skype
      ExitPolicy accept *:33033     # Skype
      ExitPolicy reject *:*
      
  • Start and enable TOR at boot:
    echo 'tor_enable="YES"' >> /etc/rc.conf
    echo 'tor_user="root"' >> /etc/rc.conf
    service tor start
    
    • NOTE: This guide configures the ORPort on 443, so the tor user must be set to root to work properly.
  • Fix the permissions of the TOR database directory:
    chown -R root /var/db/tor
    
  • It is also a good idea to subscribe to the tor-announce and tor-relays mailing lists for questions and announcements.
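
Tor evaluates the ExitPolicy lines from the torrc step above top to bottom and the first match wins, so the closing `reject *:*` only applies to ports that no earlier line accepted. The script below is an added example, not part of the original guide: it replays that evaluation for a given port so the policy can be checked before the relay is started. The function names and the sample file are hypothetical, and it assumes one rule per line in the `*:PORT`, `*:LOW-HIGH` or `*:*` form used in this guide.

```sh
#!/bin/sh
# Added example (not from the original guide): evaluate torrc ExitPolicy rules
# the way Tor does, top to bottom, first match wins.
# Assumption: one rule per line in the "*:PORT", "*:LOW-HIGH" or "*:*" form.

# exit_policy_verdict TORRC PORT -> prints accept, reject, or unmatched
exit_policy_verdict() {
    awk -v port="$2" '
        tolower($1) == "exitpolicy" && ($2 == "accept" || $2 == "reject") {
            if (split($3, addr, ":") != 2 || addr[1] != "*") next  # address-specific rule: skipped
            if (addr[2] == "*") { lo = 1; hi = 65535 }
            else {
                n = split(addr[2], range, "-")
                lo = range[1] + 0
                hi = (n == 2 ? range[2] : range[1]) + 0
            }
            if (port + 0 >= lo && port + 0 <= hi) { print $2; found = 1; exit }
        }
        END { if (!found) print "unmatched" }
    ' "$1"
}

# expect_verdict TORRC WANT PORT... -> returns 1 and names each port whose verdict differs
expect_verdict() {
    torrc=$1; want=$2; shift 2; rc=0
    for p in "$@"; do
        got=$(exit_policy_verdict "$torrc" "$p")
        [ "$got" = "$want" ] || { echo "port $p: $got (expected $want)" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample: a few of the guide's rules, written to the path given as $1.
write_sample_torrc() {
    cat > "$1" <<'EOF'
ORPort 443
ExitPolicy accept *:20-23     # FTP, SSH, telnet
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy reject *:*
EOF
}

sample=$(mktemp)
write_sample_torrc "$sample"
expect_verdict "$sample" accept 22 443 6665 && expect_verdict "$sample" reject 25 3306 \
    && echo "sample policy behaves as intended"
rm -f "$sample"
```

Against the real file, `expect_verdict /usr/local/etc/tor/torrc reject 25` confirms that SMTP, which the list above does not accept, falls through to the final reject. `tor --verify-config -f /usr/local/etc/tor/torrc` checks the file's syntax but not what the rule order means for a given port.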

#1

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
#2

Updated by Daniel Curtis about 8 years ago

  • Status changed from Resolved to Closed
