I am learning the very basics of networking and I am trying to set up a simple Tor Bridge node in my home pc (Arch Linux). I have set ORPort to 443, and set up port-forwarding from 443 -> 443. I set the bandwidth limit to 30 MB/s, and bursts of 35 MB/s, and set the Bridge option. I start tor using ‘sudo systemctl start tor’, and use nyx to monitor traffic.
In the connections menu I can see that I am part of several circuits (6 at the moment), and I have seen a few inbound and outbound connections show up. The Download and Upload bar charts just show a few spikes of < 1 KB/sec. The only notices that I have are “Self-testing indicates your ORPort is reachable from the outside. Publishing server description” and “Performing bandwidth self-test… done.” I have left the server running over night but I do not see any improvement.
Is this normal for a new Bridge node, or have I likely configured something improperly? I have tested completely shutting off the router’s firewall and it made no difference.
I found it! It’s ‘BridgeDistribution “option”’ (in /etc/tor/torrc) ‘https’ (or ‘any’) is probably what you want. This advertises your bridge on https://bridges.torproject.org meaning whoever grabs a bridge from there probably doesn’t have a censored internet connection and would be fine with a non-stable (dynamic) bridge.
‘email’ would give your bridge info to someone who emails bridges@torproject.org as a way to circumvent some low-tier censorship.
There’s also an ‘unallocated’ slot which are bridges given to activists during protests or to Tor developers or whatever, but I don’t know if there’s an option to specifically select that (there was some discussion on whether ‘none’ should put a bridge into this slot or not advertise a bridge at all, but I don’t know what they did in the end.)
Lastly, I don’t think there’s a big problem running a normal relay with a dynamic IP as the IP change should be recognized right away. The difference is much bigger when running a bridge. Bridges with static IPs are very important as they can be written down and handed to a friend in a heavily censoring country and it can be relied on to be stable. Try that with a dynamic IP and your bridge will be valid for only a few hours. The good thing about dynamic bridges however is that, since some governments (like China f.e.), might start making lots of requests to bridges.torproject.org and blocking those bridges immediately, your dynamic bridge IP will be useless to them within a few hours and will effectively turn into a new unblocked bridge for someone who just wants a bridge to hide that they’re using Tor at all.
Have fun and thanks for running a bridge relay!
I was under the wrong impression that dynamic IPs were not good for relays because I thought that the system would identify the node as brand-new each time that my IP changed, but now I see that this is not the case! After looking a bit more into it I think that it will be a bit more useful if I run a non-exit relay instead of a bridge. I will pay attention and if I see that the demand for dynamic IP bridges increases do to massive censorship I can make the switch and hope I can reach the right people.
Thanks a lot for looking this up! It is a definitely a fun way to learn, and always nice to contribute even if it is a little.
Were did you learn to use Tor? I would like to learn the basics good privacy practices to use it as a regular user and in the future to get into contributing to the network like you are aming to do
Looking through the manual (https://tb-manual.torproject.org/), watching youtube videos about tor and networking in general, asking questions online, and looking on google. I use Arch Linux, so this page was also very helpful: https://wiki.archlinux.org/index.php/Tor