###Uncomment ''RelayBandwidthRate'' and ''RelayBandwidthBurst'' and set them to something suitable for your connection. I recommend running a [http://www.speedtest.net/ speedtest] and taking half of the upload value. Keep in mind that the configuration is in kilobytes, while this particular speedtest returns results in megabits. This means you must take the Mb result from the speedtest, multiply by 1000 (to convert to Kb), and then divide by 8 (to convert to KB). Then divide by 2 to get half of this value.
##Set up any firewalls to pass your 9001 ORPort
###Router: [http://www.dd-wrt.com/site/index DD-WRT]
####I use [http://www.dd-wrt.com/site/index DD-WRT] for my router firmware. It allows me to run multiple PCs on my network and direct traffic to the correct computer based on port. We will need to give the Tor relay server a static IP and ensure that Tor traffic is forwarded to that machine. If you use another router you can learn more about port forwarding [http://portforward.com/english/routers/port_forwarding/ here].
####Log in to your router and navigate to ''Services'' -> ''Services''
####Under the ''Static Leases'' section hit the ''Add'' button and fill in your Tor server's ''MAC Address'', ''Host Name'', and a desired ''IP Address'' that it will always get. I leave ''Client Lease Time'' blank. Scroll to the bottom and hit ''Save'' then ''Apply Settings''
####Navigate to ''NAT/QOS'' -> ''Port Forwarding''
####Hit the ''Add'' button and fill in the information as follows (no quotes):
####*''Application'': "<ServerName>Tor"
####*''Port from'': "9001"
####*''Protocol'': "TCP"
####*''IP Address'': "<TheStaticIpYouJustChose>"
####*''Port to'': "9001"
####*''Enable'': <checked>
####If you want to be able to monitor your relay remotely using ''arm'' (instead of only at the console) then add a similar line forwarding port 9051 as well. Port 9051 is Tor's control port, so make sure control-port authentication (''HashedControlPassword'' or ''CookieAuthentication'' in ''torrc'') is enabled before exposing it.
####Hit ''Save'' and ''Apply Settings''
###[http://selinuxproject.org/page/Main_Page SELinux]
####CentOS comes preinstalled with [http://selinuxproject.org/page/Main_Page SELinux] to help harden and protect the OS.
####If you choose a non-standard port (i.e. not 9001) for your ORPort then you will have to add the exception to SELinux
####Run ''sudo yum install policycoreutils-python'' to install the tools you need to manage SELinux. It can take several minutes to install this package. Be patient.
####You can run ''sudo semanage port -l | more'' to see what ports SELinux already allows. There is an entry for ''tor_port_t'' already which contains ''tcp 6969, 9001, 9030, & 9051'' along with a ''tor_socks_port_t'' entry containing ''tcp 9050''
####If you need to use a different port you will have to run a command like ''sudo semanage port -a -t tor_port_t -p tcp <your_port>''. Don't forget to forward the correct port in DD-WRT (above) and IPTables (below)
###IPTables
####If you follow my guide for [[Setting Up a Secure CentOS 6 Server]] then you will have set up a rather restrictive IPTables configuration. We need to add an exception for Tor.
####Edit ''/etc/sysconfig/iptables''
####Right above ''# Log and drop everything else'' add the following lines:
####*''<nowiki>#</nowiki> Accept Tor traffic''
####*''-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT''
####If you want to be able to monitor your relay remotely using ''arm'' (instead of only at the console) add the following line as well.
####*''-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9051 -j ACCEPT''
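The SELinux and IPTables steps above can be verified with a short script that checks that a port is listed under ''tor_port_t'' and that its ACCEPT rule sits above the drop rule. This is an added example, not part of the original guide: the function names, the ''example_port_t'' type and the sample inputs are constructed for illustration. On a real host, feed the two functions the output of ''sudo semanage port -l'' and the contents of ''/etc/sysconfig/iptables''.

```shell
#!/bin/sh
# Added example: verify the SELinux and iptables steps for a chosen ORPort.

# selinux_allows TYPE PORT: reads `semanage port -l` output on stdin; succeeds
# if tcp PORT is listed for TYPE, alone or inside a range such as 7000-7010.
selinux_allows() {
    awk -v type="$1" -v port="$2" '
        $1 == type && $2 == "tcp" {
            sub(/^[ \t]*[^ \t]+[ \t]+tcp[ \t]+/, "")
            n = split($0, items, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, "-")
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# iptables_accepts PORT: reads /etc/sysconfig/iptables content on stdin; succeeds
# only if a tcp ACCEPT rule for --dport PORT comes before the first DROP/REJECT
# rule, because rules are matched top to bottom.
iptables_accepts() {
    awk -v port="$1" '
        /^[ \t]*#/ { next }
        /-j (DROP|REJECT)/ { if (!stop) stop = NR }
        /-j ACCEPT/ && /-p tcp/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port && !ok) ok = NR
        }
        END { exit ((ok && (!stop || ok < stop)) ? 0 : 1) }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SEMANAGE='tor_port_t   tcp   6969, 9001, 9030, 9051
tor_socks_port_t   tcp   9050
example_port_t   tcp   7000-7010'
SAMPLE_IPTABLES='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT
# Log and drop everything else
-A RH-Firewall-1-INPUT -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9443 -j ACCEPT'

# check_orport PORT: returns 0 only when both sample layers allow tcp/PORT.
check_orport() {
    printf '%s\n' "$SAMPLE_SEMANAGE" | selinux_allows tor_port_t "$1" || return 1
    printf '%s\n' "$SAMPLE_IPTABLES" | iptables_accepts "$1" || return 2
}

check_orport 9001 && echo "tcp/9001: allowed by SELinux and iptables"
```

In the sample, the rule for port 9443 is reported as not accepted because it was placed below the drop rule, which is the mistake the "right above" instruction guards against.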
*Resources
*#https://www.torproject.org/docs/tor-relay-debian.html.en
*#https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-Date_and_Time_Configuration-Command_Line_Configuration-Network_Time_Protocol.html
*#http://wiki.centos.org/HowTos/SELinux