I am learning the very basics of networking and I am trying to set up a simple Tor Bridge node in my home pc (Arch Linux). I have set ORPort to 443, and set up port-forwarding from 443 -> 443. I set the bandwidth limit to 30 MB/s, and bursts of 35 MB/s, and set the Bridge option. I start tor using ‘sudo systemctl start tor’, and use nyx to monitor traffic.

In the connections menu I can see that I am part of several circuits (6 at the moment), and I have seen a few inbound and outbound connections show up. The Download and Upload bar charts just show a few spikes of < 1 KB/sec. The only notices that I have are “Self-testing indicates your ORPort is reachable from the outside. Publishing server description” and “Performing bandwidth self-test… done.” I have left the server running over night but I do not see any improvement.

Is this normal for a new Bridge node, or have I likely configured something improperly? I have tested completely shutting off the router’s firewall and it made no difference.

  • ZalamanderOP
    link
    fedilink
    arrow-up
    4
    ·
    4 years ago

    Good to know! I will see if I can find the method because I do have a dynamic IP. Actually, I chose to make a bridge rather than a relay because I thought it dynamic IPs were better for bridges.

    • Penr0se
      link
      fedilink
      arrow-up
      4
      ·
      4 years ago

      I found it! It’s ‘BridgeDistribution “option”’ (in /etc/tor/torrc) ‘https’ (or ‘any’) is probably what you want. This advertises your bridge on https://bridges.torproject.org meaning whoever grabs a bridge from there probably doesn’t have a censored internet connection and would be fine with a non-stable (dynamic) bridge.

      ‘email’ would give your bridge info to someone who emails bridges@torproject.org as a way to circumvent some low-tier censorship.

      There’s also an ‘unallocated’ slot which are bridges given to activists during protests or to Tor developers or whatever, but I don’t know if there’s an option to specifically select that (there was some discussion on whether ‘none’ should put a bridge into this slot or not advertise a bridge at all, but I don’t know what they did in the end.)

      Lastly, I don’t think there’s a big problem running a normal relay with a dynamic IP as the IP change should be recognized right away. The difference is much bigger when running a bridge. Bridges with static IPs are very important as they can be written down and handed to a friend in a heavily censoring country and it can be relied on to be stable. Try that with a dynamic IP and your bridge will be valid for only a few hours. The good thing about dynamic bridges however is that, since some governments (like China f.e.), might start making lots of requests to bridges.torproject.org and blocking those bridges immediately, your dynamic bridge IP will be useless to them within a few hours and will effectively turn into a new unblocked bridge for someone who just wants a bridge to hide that they’re using Tor at all.

      Have fun and thanks for running a bridge relay!

      • ZalamanderOP
        link
        fedilink
        arrow-up
        3
        ·
        4 years ago

        I was under the wrong impression that dynamic IPs were not good for relays because I thought that the system would identify the node as brand-new each time that my IP changed, but now I see that this is not the case! After looking a bit more into it I think that it will be a bit more useful if I run a non-exit relay instead of a bridge. I will pay attention and if I see that the demand for dynamic IP bridges increases do to massive censorship I can make the switch and hope I can reach the right people.

        Thanks a lot for looking this up! It is a definitely a fun way to learn, and always nice to contribute even if it is a little.

        • Raziel
          link
          fedilink
          arrow-up
          1
          ·
          4 years ago

          Were did you learn to use Tor? I would like to learn the basics good privacy practices to use it as a regular user and in the future to get into contributing to the network like you are aming to do