[tor-relays] Manual Relay Guide for OS X

Zachary Alberico fossuser at gmail.com
Sat Apr 4 03:47:00 UTC 2015


Hi Tor-Relays,

I wrote the following documentation after figuring out how to get my
Tor relay working with a manual install.  The goal is to give easy to
follow and concise instructions that explain just enough to understand
what you're doing.

I'm trying to find out the best way to make this available - would it
be possible to add it to the externally facing documentation?  I'd
also really appreciate it if someone looks it over and sees if I made
any typos/forgot something.

I can help with whatever needs to be done.

Thanks,
Zach

###
Manually configuring a Tor Relay on OS X (Yosemite, Tor 0.2.5.11)

This guide walks you through the process of configuring your very own
tor relay explaining each step along the way.

First install homebrew, which will allow us to install the most recent
version of Tor (http://brew.sh).
The following command, pasted into a terminal, will download and install homebrew.
{code}
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
{code}

Once that completes we'll use homebrew to install tor with the
following command.
{code}
brew install tor
{code}

At this point tor should be installed and the homebrew command should
have printed the following:
{quote}
You will find a sample `torrc` file in /usr/local/etc/tor.
It is advisable to edit the sample `torrc` to suit your own security needs:
https://www.torproject.org/docs/faq#torrc
After editing the `torrc`  you need to restart tor.

To have launchd start tor at login:
  ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents
Then to load tor now:
  launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist
{quote}

Notice that it mentions the location of the torrc file (we're going to
edit that next).  It also explains how to have tor run at startup and
how to start it now.  Before we go ahead and run those commands let's
create the directory the log is supposed to go in, since for some reason
it doesn't already exist.
These commands create the directories.
{code}
mkdir /usr/local/Cellar/tor/0.2.5.11/var
mkdir /usr/local/Cellar/tor/0.2.5.11/var/log
mkdir /usr/local/Cellar/tor/0.2.5.11/var/log/tor
{code}

Similarly create the following for the DataDirectory if it doesn't
already exist.
{code}
mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib
mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib/tor
{code}

Next let's edit the torrc.sample file and save it as torrc.
To open its location in a finder window use the following command:
{code}
open /usr/local/etc/tor
{code}
Then open the torrc.sample file in your chosen editor (text edit works fine).

Read through the file and try to understand what each of the options
is.  At a minimum we're going to want to uncomment and use the
following options.
{code}
#Sets the logging location
Log notice file /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log

#Sets the DataDirectory
DataDirectory /usr/local/Cellar/tor/0.2.5.11/var/lib/tor

#If you're only configuring this as a relay
SocksPort 0

#Your main ORPort
ORPort 9001

#Name of your relay
Nickname supercoolrelay

#Bandwidth limits
RelayBandwidthRate 5000 KB
RelayBandwidthBurst 10000 KB

#Way for the tor project to contact you
ContactInfo Random Person <a special email you should make just for this>@gmail.com

#What port to advertise for directory connections
DirPort 9030

#If you don't want to run an exit (if you're able to run an exit please use the file default!)
ExitPolicy reject *:* # no exits allowed
{code}

Once you've uncommented/edited those lines save the file as torrc and exit.

Now it's time for an oversimplified and possibly inaccurate lesson
about Networking.
You are probably sitting at a home network at a computer connected
wirelessly or wired to a router which is connected to a modem which is
connecting you to the outside Internet.

Your entire network connection has one IPv4 address facing the outside
world.  Your router then uses NAT which stands for Network Address
Translation to remap traffic to the unique IP addresses you have per
device on your local intranet.  When we configure 'port forwarding'
we're telling your router to take the ports we need on your computer's
local IP behind the router and forward them to the ports exposed to
the real internet as part of this NAT process.  In this case this
allows the tor relay we've configured to receive incoming connections
on the port we've specified.  Unfortunately this process is different
for every router, but in order to provide an example I'll show what
the changes look like for an Apple Airport Extreme and hopefully
you'll be able to translate them to your own router's settings.  First
though we need to know your computer's local IP.

Open System Preferences
Click Network
Click Advanced
Click TCP/IP
In this window you should see "IPv4 Address: XX.X.X.X"

That's the address we need.

Next open Airport Utility (this is to configure port forwarding on an
Apple Airport Extreme router)
Click on the Airport Extreme
Click Edit on the tooltip that pops up
Click Network
Notice the Port Settings Box, Click +
Add the following settings:
Description: Tor Ports
Public UDP Ports: 9001, 9030
Public TCP Ports: 9001, 9030
Private IP Address: XX.X.X.X (this is the IP we found in Network)
Private UDP Ports: 9001, 9030
Private TCP Ports: 9001, 9030
Click Save
Click Update (note the router will reboot)

Note: This example shows the default ports we configured in our torrc,
if you need to or decide to use different ports you'd have to
configure the forwarding differently.  I think only the TCP settings
matter here, but I ended up setting both while trying to get this to
work.

Now we can set tor to launch on startup as well as start it right now
with these two commands.
{code}
ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents
launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist
{code}

Note: If you make changes to torrc in the future you need to restart
tor.  You can restart tor with the following command.
{code}
pkill -sighup tor
{code}

Now let's check out the logs and verify things are working.  This
command will show the end of the log and any new lines as they appear.
{code}
tail -f /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log
{code}

In a few minutes you should see the following lines if things are working:
19:29:38 [NOTICE] Self-testing indicates your ORPort is reachable from
the outside. Excellent. Publishing server descriptor.
19:29:36 [NOTICE] Self-testing indicates your DirPort is reachable
from the outside. Excellent.

If you see something like the following it's irrelevant:
Apr 02 22:33:02.000 [notice] Have tried resolving or connecting to
address '[scrubbed]' at 3 different places. Giving up.

And if you see this it's not working (the X's here represent your
public internet facing IPv4):
Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9001) has not
managed to confirm that its ORPort is reachable. Please check your
firewalls, ports, address, /etc/hosts file, etc.
Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9030) has not
managed to confirm that its DirPort is reachable. Please check your
firewalls, ports, address, /etc/hosts file, etc.

If you're still having trouble try hopping on IRC.
###
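
The log check from the end of the guide, as an added example that is not part of the original post: it reads a notices.log and reports whether the ORPort and DirPort self-tests passed, failed, or have not run yet. The function names and the sample log lines (including the 203.0.113.7 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify tor's reachability
# self-test from a notices.log. Matching is on the message text only, so both
# timestamp styles quoted in the guide are handled.

# port_status LOGFILE PORT   (PORT is ORPort or DirPort)
# Prints reachable, unreachable or pending. The last matching line wins, so a
# relay that warned first and passed the self-test later counts as reachable.
port_status() {
    awk -v port="$2" '
        index($0, "Self-testing indicates your " port " is reachable") { s = "reachable" }
        index($0, "has not managed to confirm that its " port " is reachable") { s = "unreachable" }
        END { print (s == "" ? "pending" : s) }
    ' "$1"
}

# relay_ready LOGFILE: exit status 0 only when both ports passed the self-test.
relay_ready() {
    [ "$(port_status "$1" ORPort)" = "reachable" ] &&
    [ "$(port_status "$1" DirPort)" = "reachable" ]
}

# Constructed sample log (203.0.113.7 is a documentation address, not a relay).
demo_log=$(mktemp)
trap 'rm -f "$demo_log"' EXIT
cat > "$demo_log" <<'EOF'
Apr 03 17:10:41.000 [warn] Your server (203.0.113.7:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 03 17:10:41.000 [warn] Your server (203.0.113.7:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 03 17:31:02.000 [notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.
Apr 03 17:32:10.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
EOF

# Report each port, then the overall verdict.
for p in ORPort DirPort; do
    echo "$p: $(port_status "$demo_log" "$p")"
done
relay_ready "$demo_log" || echo "not ready: check forwarding for the unreachable port"
```

To use it on the relay set up above, call relay_ready with the notices.log path configured in torrc.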

