[tor-relays] Questions about exit enclaves

Konstantinos Asimakis inshame at gmail.com
Fri Mar 30 14:50:49 UTC 2012


Wouldn't it be safer to accept connections only on port 80? Else he would
be exposing the whole machine.
On Mar 30, 2012 5:43 PM, "Tom Ritter" <tom at ritter.vg> wrote:

> It's my understanding that if you put the following Exit Policy in your
> torrc:
>
> ExitPolicyRejectPrivate 0
> ExitPolicy accept 97.107.139.108
> ExitPolicy reject *:*
>
> Where 97.107.139.108 is your IP address (that one's mine), you will
> Exit Enclave to your site, not allow any other exit traffic, you will
> be a normal tor relay (meaning you should check your bandwidth
> limits/accounting), and you will become the preferred path for Tor
> traffic to your site.
>
> Hidden Services are different from Exit Enclaving.  I would be
> surprised if there was any danger to be added by running a Hidden
> Service on an Exit Enclave, and if so, that should be documented
> better.
>
> If anything I said is incorrect, I hope that someone will correct me
> in detail, and review the changes I'd like to make to the
> documentation - because if I misunderstood, I think the Docs need
> clarifying.
>
> -tom
>
> On 30 March 2012 10:18, Jef Heri <jefheri1 at yahoo.com> wrote:
> > Hello list,
> >
> > I hope this is the correct list to send these questions, if not I
> > apologize and please tell me where I should send this message.
> >
> > I want to set up a Tor node to run as an exit enclave for a web site
> > (WordPress) and message board (vBulletin). However, I have found little
> > documentation on how to accomplish this on a remote server, e.g.
> > https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave . Is there
> > a more thorough document/manual for exit enclaves?
> >
> > Is it correct that an exit enclave will act as a 'normal' exit node, as
> > well as the exit enclave for its IP address
> > (https://trac.torproject.org/projects/tor/ticket/800)? If so, is it
> > possible to block exit to any IP other than the node's own IP via torrc
> > file? If not, maybe I could only allow exits to white-list IPs, such as
> > Tor Project web site IP, EFF IP, etc.?
> >
> > I believe someone who sends messages to tor-talk maintains a hardened
> > (OS(?) and) Tor, meant to be run as a node only, from remote server space.
> > Does anyone have a link for that software? I looked at the Tor web site but
> > I didn't find information. I am thinking about using that software as the
> > exit enclave.
> >
> > Lastly, is it possible (and smart - re anonymity and resources) to use
> > the exit enclave to offer a hidden service address?
> >
> > Thanks!
> >
> >
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
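
Added example (not part of the thread and not Tor's own code): a simplified first-match-wins evaluator for the ExitPolicy lines quoted above, comparing the quoted policy with a port-80 variant of the kind suggested in the reply. The port-80 line, the sample port list and all function names are constructed for illustration; falling through to "reject" when no rule matches is an assumption of this sketch.

```python
import ipaddress

# Subset of the private ranges Tor rejects when ExitPolicyRejectPrivate is 1.
PRIVATE = ["10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "172.16.0.0/12", "192.168.0.0/16"]

ENCLAVE_IP = "97.107.139.108"                         # address from the quoted torrc
QUOTED = [f"accept {ENCLAVE_IP}", "reject *:*"]       # policy as quoted in the thread
PORT80 = [f"accept {ENCLAVE_IP}:80", "reject *:*"]    # constructed port-80 variant

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK][:PORT]' into (action, network, lo, hi)."""
    action, pattern = line.split()
    addr, _, port = pattern.partition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if port in ("", "*"):              # no port given means every port
        lo, hi = 1, 65535
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi

def build_policy(lines, reject_private, own_ip):
    """With ExitPolicyRejectPrivate 1, rejects for private nets and the
    relay's own public address are placed ahead of the configured lines."""
    implicit = []
    if reject_private:
        implicit = [f"reject {n}" for n in PRIVATE] + [f"reject {own_ip}"]
    return [parse_rule(r) for r in implicit + lines]

def allows(policy, ip, port):
    """First matching rule decides; no match is treated as reject (assumption)."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in policy:
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return False

def exposed_ports(lines, reject_private=False, ports=(22, 25, 80, 3306)):
    """Which of the sample ports on the relay's own IP can exit traffic reach?"""
    policy = build_policy(lines, reject_private, ENCLAVE_IP)
    return [p for p in ports if allows(policy, ENCLAVE_IP, p)]

if __name__ == "__main__":
    print("quoted policy :", exposed_ports(QUOTED))
    print("port-80 policy:", exposed_ports(PORT80))
    print("port-80, ExitPolicyRejectPrivate 1:", exposed_ports(PORT80, True))
```

The last case shows why the quoted torrc sets ExitPolicyRejectPrivate 0: with the default of 1, the implicit reject for the relay's own address matches first and the enclave accept line is never reached.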