Why do I need an output node at all?
There is an Internet network, and there is a top network. In simple terms, if you explain, then http and. onion
Well, if you use the tor browser, surf through. onion resources. Then everything is in a bundle, the traffic is in an encrypted network and we are safe.
And if we want to go to http, that is, to the Internet, from the tor browser, then our traffic is automatically copied through the output node, because the Internet cannot read tor traffic and for this purpose output nodes are created that "convert" tor traffic into Internet traffic.
And thus we are already viewing http sites from the tor, but there is a danger here. Anyone can become the owner of the Output node, including special services.
And what does it mean to be the owner of a tor node?
If you own a router, you can easily intercept Http traffic. And no one will notice. With https, the situation is more complicated, but it is also quite feasible.
And the torus architecture is designed so that we connect to random tor nodes.
What is the conclusion? The owner of the exit node may be a fraudster or an employee of some organizations. So they can intercept your identification data, all the pages where you surf, files that were downloaded, and in General that's all.
But, there is a way out. We can become the owner of the exit node ourselves. the advantages are that our traffic will only be ours and no one will be able to listen to it. And we will be able to listen to others and vacuum up logs, identification data and, in principle, all traffic that comes through our node. Tempting?
Let's look at how we can raise the output node.
We need to buy a server, VPS. Debian 8 x64 version of the configuration can be the simplest to choose, in General, such a VPS costs about$ 10 approximately. The second point, if you regat a tor node on your data, then we all know how people were arrested for maintaining a tor node, when dirty mud poured from this node, the owner was arrested and shaken. So take care of your own safety.
Accordingly, after we have purchased the VPS, we log in to it and issue the following commands.
Code:
# Update packages.
apt-get update
# Install the tor itself directly.
apt-get install tor
# Install the editor if it is not installed
apt-get install nano
# Next, go to configuring the config
nano /etc/tor/torrc
# I throw off an example of the config and tell you about it in more detail and accordingly what to edit and what to change.
SocksPort 9050
ORPort 9001
Nickname torname
RelayBandwidthRate 80 KB
RelayBandwidthBurst 100 KB
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOISsk
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:12350 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:23456 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:33033 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*
This config, or this one, or your one, must be inserted in the config (see the previous command).
This should be done using copy-paste. in Linux, to copy to the terminal, you need Ctrl+shift+v
You should not rewrite manually, because if you make at least 1 mistake. nothing will work.
At the very beginning, the SocksPort parameter is the port on which the TOR network will work, that is, there you need to specify two ports on which the tor will work - one port for data transfer, and the second for exchanging information about the node9050-for transmitting 9001-for exchanging information .
Next, Nickname Is a mandatory parameter - the tor node must be called something, then you need to change TORNAME to your own - think of something. Any name.
The next 2 parameters are responsible for RelayBandwidthRate 80 KB-80 Kbytes per second.
this means 80*8= ... kbit / s and this is a good speed.
If we want to increase-then we can increase the bandwidth-depends on the task - if we don't use streaming or something like that (where you need to transmit and receive information online), then it's better to leave it as it is.
Next, the tor node will be used by everyone who wants to, so it's very important not to overdo it - they will clog the channel and devour all the traffic that we are given on the do. There are limits there.
When buying a server, the configuration indicates that it costs at least 1 TB by default.
The second parameter is the so-called Burst. This is a technology when, for example, an application using a network tries to request a larger communication channel from the router than it gives it, sends such a burst query "give me more channel", and the router gives it 100KB. In this case, the Torno router then eventually cuts down to 80 anyway. This is done in order to push packages faster, so to speak, for example, we download 100 gigs from the Internet, download a week, but in a certain period of time the speed went down
Next is a bunch of ExitPolicy accept parameters.
These parameters allow traffic to pass through specific ports . Popular ports are listed here , so you can delete what you don't need, or you can leave it or add special ports.
The thing is, for anonymity, sometimes it's good to have a lot of traffic. How to get lost in a city of 5 million people is easier than in a village of 100 people.
Therefore, it's up to you to decide if our goal is to minimize traffic and then the stability will be higher than the channel - then allow only 1 port that is needed, and if we want such a large garbage can of traffic, then do not change anything in the config.
At the very bottom
Code:
reject
This means that everything that is not allowed is forbidden, that is, we have opened ports (listed accept...) and block the rest.
Next, we save and restart the tor.
Code:
/etc/init.d/tor restart
and see the output of ps-aux | grep tor
This command will show running processes and filter them by the word tor
If there are no red errors, it means that tor started successfully after rebooting
Relay Search
atlas.torproject.org
When we go to the page in the upper-right corner there will be a search box - we enter the IP address of the server on which the tor node was raised.
Atlas doesn't know anything about it right away. Usually, tor servers ask all tor participants approximately every 2 hours, and after 2 hours, the tor node should start working.
You can check it in the Atlas and when it appears there, the node's torus will start working.
There is an Internet network, and there is a top network. In simple terms, if you explain, then http and. onion
Well, if you use the tor browser, surf through. onion resources. Then everything is in a bundle, the traffic is in an encrypted network and we are safe.
And if we want to go to http, that is, to the Internet, from the tor browser, then our traffic is automatically copied through the output node, because the Internet cannot read tor traffic and for this purpose output nodes are created that "convert" tor traffic into Internet traffic.
And thus we are already viewing http sites from the tor, but there is a danger here. Anyone can become the owner of the Output node, including special services.
And what does it mean to be the owner of a tor node?
If you own a router, you can easily intercept Http traffic. And no one will notice. With https, the situation is more complicated, but it is also quite feasible.
And the torus architecture is designed so that we connect to random tor nodes.
What is the conclusion? The owner of the exit node may be a fraudster or an employee of some organizations. So they can intercept your identification data, all the pages where you surf, files that were downloaded, and in General that's all.
But, there is a way out. We can become the owner of the exit node ourselves. the advantages are that our traffic will only be ours and no one will be able to listen to it. And we will be able to listen to others and vacuum up logs, identification data and, in principle, all traffic that comes through our node. Tempting?
Let's look at how we can raise the output node.
We need to buy a server, VPS. Debian 8 x64 version of the configuration can be the simplest to choose, in General, such a VPS costs about$ 10 approximately. The second point, if you regat a tor node on your data, then we all know how people were arrested for maintaining a tor node, when dirty mud poured from this node, the owner was arrested and shaken. So take care of your own safety.
Accordingly, after we have purchased the VPS, we log in to it and issue the following commands.
Code:
# Update packages.
apt-get update
# Install the tor itself directly.
apt-get install tor
# Install the editor if it is not installed
apt-get install nano
# Next, go to configuring the config
nano /etc/tor/torrc
# I throw off an example of the config and tell you about it in more detail and accordingly what to edit and what to change.
SocksPort 9050
ORPort 9001
Nickname torname
RelayBandwidthRate 80 KB
RelayBandwidthBurst 100 KB
ExitPolicy accept *:20-23 # FTP, SSH, telnet
ExitPolicy accept *:43 # WHOISsk
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:79-81 # finger, HTTP
ExitPolicy accept *:88 # kerberos
ExitPolicy accept *:143 # IMAP
ExitPolicy accept *:194 # IRC
ExitPolicy accept *:220 # IMAP3
ExitPolicy accept *:389 # LDAP
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:464 # kpasswd
ExitPolicy accept *:531 # IRC/AIM
ExitPolicy accept *:543-544 # Kerberos
ExitPolicy accept *:554 # RTSP
ExitPolicy accept *:563 # NNTP over SSL
ExitPolicy accept *:636 # LDAP over SSL
ExitPolicy accept *:706 # SILC
ExitPolicy accept *:749 # kerberos
ExitPolicy accept *:873 # rsync
ExitPolicy accept *:902-904 # VMware
ExitPolicy accept *:981 # Remote HTTPS management for firewall
ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL
ExitPolicy accept *:1194 # OpenVPN
ExitPolicy accept *:1220 # QT Server Admin
ExitPolicy accept *:1293 # PKT-KRB-IPSec
ExitPolicy accept *:1500 # VLSI License Manager
ExitPolicy accept *:1533 # Sametime
ExitPolicy accept *:1677 # GroupWise
ExitPolicy accept *:1723 # PPTP
ExitPolicy accept *:1755 # RTSP
ExitPolicy accept *:1863 # MSNP
ExitPolicy accept *:2082 # Infowave Mobility Server
ExitPolicy accept *:2083 # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128 # SQUID
ExitPolicy accept *:3389 # MS WBT
ExitPolicy accept *:3690 # SVN
ExitPolicy accept *:4321 # RWHOIS
ExitPolicy accept *:4643 # Virtuozzo
ExitPolicy accept *:5050 # MMCC
ExitPolicy accept *:5190 # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228 # Android Market
ExitPolicy accept *:5900 # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679 # IRC SSL
ExitPolicy accept *:6697 # IRC SSL
ExitPolicy accept *:8000 # iRDMI
ExitPolicy accept *:8008 # HTTP alternate
ExitPolicy accept *:8074 # Gadu-Gadu
ExitPolicy accept *:8080 # HTTP Proxies
ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443 # PCsync HTTPS
ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418 # git
ExitPolicy accept *:9999 # distinct
ExitPolicy accept *:10000 # Network Data Management Protocol
ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:12350 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:19294 # Google Voice TCP
ExitPolicy accept *:19638 # Ensim control panel
ExitPolicy accept *:23456 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:33033 # Skype - XXX: Remove? Skype bans tor now..
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
ExitPolicy accept *:64738 # Mumble
ExitPolicy reject *:*
This config, or this one, or your one, must be inserted in the config (see the previous command).
This should be done using copy-paste. in Linux, to copy to the terminal, you need Ctrl+shift+v
You should not rewrite manually, because if you make at least 1 mistake. nothing will work.
At the very beginning, the SocksPort parameter is the port on which the TOR network will work, that is, there you need to specify two ports on which the tor will work - one port for data transfer, and the second for exchanging information about the node9050-for transmitting 9001-for exchanging information .
Next, Nickname Is a mandatory parameter - the tor node must be called something, then you need to change TORNAME to your own - think of something. Any name.
The next 2 parameters are responsible for RelayBandwidthRate 80 KB-80 Kbytes per second.
this means 80*8= ... kbit / s and this is a good speed.
If we want to increase-then we can increase the bandwidth-depends on the task - if we don't use streaming or something like that (where you need to transmit and receive information online), then it's better to leave it as it is.
Next, the tor node will be used by everyone who wants to, so it's very important not to overdo it - they will clog the channel and devour all the traffic that we are given on the do. There are limits there.
When buying a server, the configuration indicates that it costs at least 1 TB by default.
The second parameter is the so-called Burst. This is a technology when, for example, an application using a network tries to request a larger communication channel from the router than it gives it, sends such a burst query "give me more channel", and the router gives it 100KB. In this case, the Torno router then eventually cuts down to 80 anyway. This is done in order to push packages faster, so to speak, for example, we download 100 gigs from the Internet, download a week, but in a certain period of time the speed went down
Next is a bunch of ExitPolicy accept parameters.
These parameters allow traffic to pass through specific ports . Popular ports are listed here , so you can delete what you don't need, or you can leave it or add special ports.
The thing is, for anonymity, sometimes it's good to have a lot of traffic. How to get lost in a city of 5 million people is easier than in a village of 100 people.
Therefore, it's up to you to decide if our goal is to minimize traffic and then the stability will be higher than the channel - then allow only 1 port that is needed, and if we want such a large garbage can of traffic, then do not change anything in the config.
At the very bottom
Code:
reject
This means that everything that is not allowed is forbidden, that is, we have opened ports (listed accept...) and block the rest.
Next, we save and restart the tor.
Code:
/etc/init.d/tor restart
and see the output of ps-aux | grep tor
This command will show running processes and filter them by the word tor
If there are no red errors, it means that tor started successfully after rebooting
Relay Search
atlas.torproject.org
When we go to the page in the upper-right corner there will be a search box - we enter the IP address of the server on which the tor node was raised.
Atlas doesn't know anything about it right away. Usually, tor servers ask all tor participants approximately every 2 hours, and after 2 hours, the tor node should start working.
You can check it in the Atlas and when it appears there, the node's torus will start working.
