Host a Bridge or Tor Relay
You can still volunteer for the Tor network and host a bridge, private bridge, obfuscated bridge, private obfuscated bridge, middle node or exit relay when you are using Whonix ™, either inside the Whonix-Gateway ™ or directly on the host.
Hosting a Tor relay and/or bridge and using it to mix one's own traffic might be beneficial for anonymity. Advanced users only! Please refer to the write-ups by The Tor Project, the developers of the Tor software.
Quote The Tor Project, New low cost traffic analysis attacks and mitigations:
In terms of mitigating the use of these vectors in attacks against Tor, here's our recommendations for various groups in our community:
Users: Do multiple things at once with your Tor client
Because Tor uses encrypted TLS connections to carry multiple circuits, an adversary that externally observes Tor client traffic to a Tor Guard node will have a significantly harder time performing classification if that Tor client is doing multiple things at the same time. This was studied in section 6.3 of this paper by Tao Wang and Ian Goldberg. A similar argument can be made for mixing your client traffic with your own Tor Relay or Tor Bridge that you run, but that is very tricky to do correctly for it to actually help.
Outside the Whonix-Gateway ™
Inside the Whonix-Gateway ™
This chapter hasn't been tested for a long time. Get in contact if you are interested in this configuration.
This is non-trivial for reasons outside of Whonix ™ control, which are for a large part unspecific to Whonix ™. It requires an open port to permit acceptance of unsolicited incoming connections. See Ports for explanation.
Various learning exercises are recommended before attempting to set this up:
A) Set up a web server reachable on the PC, i.e.
internet → home router → PC → web server
B) Set up a web server reachable in a VM, i.e.
internet → home router → PC → Debian (not Whonix ™) VM → web server
C) Only then try to do the same with Whonix ™ with Tor.
On the Whonix-Gateway ™.
1. Simply follow all the usual instructions given on torproject.org inside the Whonix-Gateway ™, just as you would if Tor were not running inside a virtual machine.
2. Set up a port forwarding from the host to the virtual machine.
- KVM: Follow the NAT port forwarding instructions for Whonix-Gateway ™.
- VirtualBox: You can also do this with the VirtualBox graphical user interface.
Go to Whonix-Gateway ™ → Settings → Network Interface → Port Forwarding.
4. Read the introduction comment about flexible modular configuration files.
5. Read the comment about Tor Relay Settings.
6. Close the file.
7. Modify Whonix-Gateway ™ User Firewall Settings
8. Paste the following content. Adjust if necessary.
## Allow incoming DIRPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_DIR_PORT=1
## Allow incoming ORPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_OR_PORT=1
## DIRPORT incoming port.
DIR_PORT=80
## ORPORT incoming port.
OR_PORT=443
9. Reload Whonix-Gateway ™ Firewall.
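A consistency check for the steps above, as an added example that is not part of the original page or of Whonix ™: it compares the firewall settings from step 8 with the ORPort and DirPort lines in a torrc, so that a port is only opened where Tor actually listens on it. Both file paths are passed as arguments (none is assumed), the function names are hypothetical, and only torrc lines of the form "ORPort [address:]port" are understood.

```shell
#!/bin/sh
# Added example (not Whonix code): cross-check relay ports in the firewall
# settings against torrc. Only "ORPort [address:]port" style lines are parsed.

# conf_value FILE KEY: value of the last uncommented KEY=value line.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# torrc_port FILE OPTION: port of the last "OPTION [address:]port" line.
torrc_port() {
    awk -v opt="$2" 'tolower($1) == tolower(opt) { v = $2; sub(/^.*:/, "", v) }
        END { print v }' "$1"
}

# check_one FWCONF TORRC ALLOW_KEY PORT_KEY TORRC_OPTION
# Prints one finding and returns 1 on a mismatch, returns 0 when consistent.
check_one() {
    allow=$(conf_value "$1" "$3")
    fwport=$(conf_value "$1" "$4")
    torport=$(torrc_port "$2" "$5")
    if [ -z "$torport" ] || [ "$torport" = 0 ]; then
        # Tor is not listening, so the firewall should stay closed as well.
        [ "$allow" = 1 ] || return 0
        echo "$3=1 but torrc sets no $5"; return 1
    fi
    case $torport in
        *[!0-9]*) echo "$5 '$torport' is not a plain port number"; return 1 ;;
    esac
    if [ "$torport" -gt 65535 ]; then
        echo "$5 $torport is out of range"; return 1
    fi
    if [ "$allow" != 1 ]; then
        echo "torrc sets $5 $torport but $3 is not 1"; return 1
    fi
    if [ "$fwport" != "$torport" ]; then
        echo "$4=${fwport:-unset} differs from torrc $5 $torport"; return 1
    fi
}

# check_relay_ports FWCONF TORRC: returns the number of inconsistent ports (0-2).
check_relay_ports() {
    problems=0
    check_one "$1" "$2" GATEWAY_ALLOW_INCOMING_OR_PORT OR_PORT ORPort || problems=$((problems + 1))
    check_one "$1" "$2" GATEWAY_ALLOW_INCOMING_DIR_PORT DIR_PORT DirPort || problems=$((problems + 1))
    return "$problems"
}

if [ "$#" -eq 2 ]; then check_relay_ports "$@"; fi
```

Run it with the firewall settings file and the torrc as its two arguments; the exit status is the number of ports that disagree.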
Other Easy Options
As a Firefox or Chrome browser / Chromium user, install an add-on to create a "flash" proxy bridge. "Flash" as in flashing proxy, not as in Adobe Flash. This has nothing to do with Adobe Flash.