Support #796

Updated by Daniel Curtis over 8 years ago

This is a simple guide for setting up Tor as an exit node on FreeBSD 10.2. 

 h2. Prepare the Environment 

 * Make sure the system is up to date: 
 <pre> 
 pkg update && pkg upgrade 
 </pre> 

 h2. Install Tor 

 * Install Tor: 
 <pre> 
 pkg install tor 
 </pre> 

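 * Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting the following (the second line keeps the setting across reboots): 
 <pre> 
 sysctl net.inet.ip.random_id=1 
 echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf 
 </pre> 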
 #* Reboot for it to take effect: 
 <pre> 
 reboot 
 </pre> 

 * Edit the Tor config file: 
 <pre> 
 vi /usr/local/etc/tor/torrc 
 </pre> 
 #* And add/modify the following lines: 
 <pre> 
 ORPort 443 
 Nickname ExampleNode 
 RelayBandwidthRate 1024 KB 
 RelayBandwidthBurst 1024 KB 
 ContactInfo Bob User <bob@example.com> 
 ExitPolicy accept *:20-23       # FTP, SSH, telnet 
 ExitPolicy accept *:43          # WHOIS 
 ExitPolicy accept *:53          # DNS 
 ExitPolicy accept *:79-81       # finger, HTTP 
 ExitPolicy accept *:88          # kerberos 
 ExitPolicy accept *:110         # POP3 
 ExitPolicy accept *:143         # IMAP 
 ExitPolicy accept *:194         # IRC 
 ExitPolicy accept *:220         # IMAP3 
 ExitPolicy accept *:389         # LDAP 
 ExitPolicy accept *:443         # HTTPS 
 ExitPolicy accept *:464         # kpasswd 
 ExitPolicy accept *:531         # IRC/AIM 
 ExitPolicy accept *:543-544     # Kerberos 
 ExitPolicy accept *:554         # RTSP 
 ExitPolicy accept *:563         # NNTP over SSL 
 ExitPolicy accept *:636         # LDAP over SSL 
 ExitPolicy accept *:706         # SILC 
 ExitPolicy accept *:749         # kerberos  
 ExitPolicy accept *:873         # rsync 
 ExitPolicy accept *:902-904     # VMware 
 ExitPolicy accept *:981         # Remote HTTPS management for firewall 
 ExitPolicy accept *:989-995     # FTP over SSL, telnets, IMAP over SSL, etc 
 ExitPolicy accept *:1194        # OpenVPN 
 ExitPolicy accept *:1220        # QT Server Admin 
 ExitPolicy accept *:1293        # PKT-KRB-IPSec 
 ExitPolicy accept *:1500        # VLSI License Manager 
 ExitPolicy accept *:1533        # Sametime 
 ExitPolicy accept *:1677        # GroupWise 
 ExitPolicy accept *:1723        # PPTP 
 ExitPolicy accept *:1755        # RTSP 
 ExitPolicy accept *:1863        # MSNP 
 ExitPolicy accept *:2082        # Infowave Mobility Server 
 ExitPolicy accept *:2083        # Secure Radius Service (radsec) 
 ExitPolicy accept *:2086-2087   # GNUnet, ELI 
 ExitPolicy accept *:2095-2096   # NBX 
 ExitPolicy accept *:2102-2104   # Zephyr 
 ExitPolicy accept *:3128        # SQUID 
 ExitPolicy accept *:3389        # MS WBT 
 ExitPolicy accept *:3690        # SVN 
 ExitPolicy accept *:4321        # RWHOIS 
 ExitPolicy accept *:4643        # Virtuozzo 
 ExitPolicy accept *:5050        # MMCC 
 ExitPolicy accept *:5190        # ICQ 
 ExitPolicy accept *:5222-5223   # XMPP, XMPP over SSL 
 ExitPolicy accept *:5228        # Android Market 
 ExitPolicy accept *:5900        # VNC 
 ExitPolicy accept *:6660-6669   # IRC 
 ExitPolicy accept *:6679        # IRC SSL   
 ExitPolicy accept *:6697        # IRC SSL   
 ExitPolicy accept *:8000        # iRDMI 
 ExitPolicy accept *:8008        # HTTP alternate 
 ExitPolicy accept *:8074        # Gadu-Gadu 
 ExitPolicy accept *:8080        # HTTP Proxies 
 ExitPolicy accept *:8087-8088   # Simplify Media SPP Protocol, Radan HTTP 
 ExitPolicy accept *:8332-8333   # BitCoin 
 ExitPolicy accept *:8443        # PCsync HTTPS 
 ExitPolicy accept *:8888        # HTTP Proxies, NewsEDGE 
 ExitPolicy accept *:9418        # git 
 ExitPolicy accept *:9999        # distinct 
 ExitPolicy accept *:10000       # Network Data Management Protocol 
 ExitPolicy accept *:11371       # OpenPGP hkp (http keyserver protocol) 
 ExitPolicy accept *:12350       # Skype 
 ExitPolicy accept *:19294       # Google Voice TCP 
 ExitPolicy accept *:19638       # Ensim control panel 
 ExitPolicy accept *:23456       # Skype 
 ExitPolicy accept *:33033       # Skype 
 ExitPolicy reject *:* 
 </pre> 

 * Start and enable Tor at boot: 
 <pre> 
 echo 'tor_enable="YES"' >> /etc/rc.conf 
 echo 'tor_user="root"' >> /etc/rc.conf 
 service tor start 
 </pre> 
 #* *NOTE*: This guide configures the ORPort on 443, a privileged port (below 1024), so the tor user must be set to root for tor to bind it. 

 * Fix the permissions of the Tor database directory: 
 <pre> 
 chown -R root /var/db/tor 
 </pre> 

 * It is also a good idea to sign up to the "tor-announce":https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce and tor-relay mailing lists for questions and announcement information. 
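
One way to keep 443 as the advertised ORPort without running tor as root, shown beside the settings this guide uses. This is an added example, not part of the original guide; the interface name em0 and the choice of 9001 as the local listening port are assumptions.

```conf
# ==== /usr/local/etc/tor/torrc ====
# The guide has tor bind port 443 itself, which is what forces
# tor_user="root". Alternative: advertise 443 to the network but
# bind only the unprivileged port 9001.
ORPort 443 NoListen
ORPort 9001 NoAdvertise

# ==== /etc/pf.conf ====
# em0 is a placeholder for the external interface (assumption).
ext_if = "em0"
# Hand inbound TCP 443 to tor's listener on 9001.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 443 -> 127.0.0.1 port 9001

# ==== /etc/rc.conf ====
# The guide sets:
#   tor_enable="YES"
#   tor_user="root"
# Alternative: leave tor_user unset so the rc script keeps the
# package's unprivileged account, and enable pf for the redirect.
tor_enable="YES"
pf_enable="YES"
```

With this layout the @chown -R root /var/db/tor@ step is not needed, since the data directory has to be owned by the account tor runs as.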

 h2. Resources 

 * http://www.bsdnow.tv/tutorials/tor 
 * https://www.torproject.org/docs/tor-doc-relay.html.en 
 * https://blog.torproject.org/running-exit-node 
 * https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines 
 * https://www.torproject.org/eff/tor-legal-faq 
 * https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity 
 * https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html 
 * https://wiki.archlinux.org/index.php/tor
