[tor-talk] Tor on two computers, one IP?
Justin Aplin
japlin at gmail.com
Thu Dec 22 02:43:36 UTC 2011
On Dec 21, 2011, at 5:21 PM, Phillip wrote:
> On Saturday 17 December 2011 10:42:19 Phillip wrote:
>>> Hi,
>>>
>>> I'm trying to set up tor on two separate computers using one net
>>> connection.
>>>
>>> I have a spare computer, which I want to set up as a relay, permanently
>>> using about 1/3 of my bandwidth. On my main computer, I'd like to run a
>>> bridge, or at least as a node (for the enhanced anonymity). I've got it
>>> running on both at the moment, but it seems that only one ever works at
>>> a time.
>>>
>>> The other reason I don't just run the relay off my main computer is that
>>> I sometimes need to run a VPN, or reboot my computer, or whatever...tor
>>> prefers stability :)
>>>
>>> I don't particularly want to go through the hassle of networking them,
>>> or using the spare as a central tor server, if it can be avoided... btw,
>>> both run Ubuntu and Vidalia.
>>>
>>> Any suggestions?
>> I have four computers running. One runs Tor, one is my desktop box (though
>> it's actually on the floor) and points to the first one for Tor things, one
>> is a laptop with its own Tor client, and the other is a Windows box that I
>> use for my job and doesn't know Tor (though it's easy enough to set it up).
>> You can have one box running Tor with a web browser, Torchat, or OnionCat on
>> the other.
>>
>> The other way to do it is to run Tor on both boxes and forward different ports
>> to the different boxes.
> Ah, I think you may have hit the nail on the head with the last
> sentence... would it not matter to the tor network that there is one IP
> address, but six different sets of ports being forwarded?
> (I'm assuming I have to give alternatives to 9001, 9030 and 9050 on the
> second laptop)?
>
> I'm also assuming that I have to open the firewall (gufw) on the second
> computer to allow these new ports, as well as on the router?
You've got it right. Many of our biggest relays are actually multi-core systems with one tor instance running on each core, all on the same network connection (since processor utilization tends to bottom out before network bandwidth). Each separate instance (whether on one machine or several) should have a unique ORPort and DirPort, and your router should forward the proper set of ports to the proper machine. Each machine should have the corresponding two ports opened in their firewall. Technically, each node you run should have each of the other's fingerprint(s) in the MyFamily option of their torrc, but since tor never builds circuits within the same /16 subnet anyway, a circuit will never be built with two nodes coming from the same IP. Otherwise, the authorities don't care at all.
Thanks for contributing!
~Justin Aplin
More information about the tor-talk
mailing list