Re: [tor-relays] Middle relay IP blocking

I tried reporting a similar issue a few months ago (post wasn’t approved by moderator). I was running a relay from my home ISP. After a short while certain websites became inaccessible from other computers in my home network that shared the same public IP. After trial and error with other IP addresses (non-Tor) I realized commercial gateway services had blacklisted our IP address.

After several weeks of running a Relay I shut it down and after a few days we could access the websites again from our IP.

The ISP didn’t understand when I reported it and just wanted to upsell me a business plan.

Live and learn. The Tor network was the victim. You are correct that by publishing entry, relay and exit node IP addresses for the Tor network, it’s an easy target for commercial services to indiscriminately blacklist any IP addresses associated with Tor. Sharing your IP with a relay and your personal use might get you blocked.

I hope this post gets approved.


On Aug 3, 2023, at 7:47 AM, Eldalië via tor-relays <tor-relays@lists.torproject.org> wrote:

> Hello there!
> I've been running for over 1.5 years a middle relay on an IP address I also use
> to browse, without issues. However it's now some weeks since many websites that
> always refused tor traffic started to also refuse normal traffic from my IP. I
> suppose this is related to the relay, because I don't run any other "suspect"
> service on this IP and when I change it the problem is gone for a few hours.
> My guess is that some widely used black list started including middle relay
> IPs, but I have no proof.
> Has anyone had similar experiences? Any thoughts on this?
> Thanks,
>
> Eldalië
>
> --
> Eldalië
> My private key is attached. Please, use it and provide me yours!
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page



Same here, middle node. In order to access some sites, I have to shut down briefly my modem in order to obtain a new IP, and for a while all goes smoothly again.


securehell@gmail.com wrote on 8/4/23 01:46:

> I tried reporting a similar issue a few months ago (post wasn’t approved by
> moderator). I was running a relay from my home ISP. After a short while
> certain websites became inaccessible from other computers in my home network
> that shared the same public IP. After trial and error with other IP addresses
> (non-Tor) I realized commercial gateway services had blacklisted our IP
> address.

--
https://metrics.torproject.org/rs.html#details/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E

Hi @all,

Just my 2 cents. Is this worth the hassle?
Calculate your power consumption 24x7x30 @home.

For 1-5$ you can get a VPS.
This exit has 1GB RAM and 1CPU and costs $3.50/month
https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C

Search or ask for offers on LEB & LET:

$websearch: cheap vps unlimited bandwidth
IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)

Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :)
https://www.nocix.net/cart/?id=261


On Samstag, 5. August 2023 08:40:42 CEST Marco Predicatori wrote:

> securehell@gmail.com wrote on 8/4/23 01:46:
> > I tried reporting a similar issue a few months ago (post wasn’t approved by
> > moderator). I was running a relay from my home ISP. After a short while
> > certain websites became inaccessible from other computers in my home network
> > that shared the same public IP. After trial and error with other IP addresses
> > (non-Tor) I realized commercial gateway services had blacklisted our IP
> > address.
>
> Same here, middle node. In order to access some sites, I have to shut down
> briefly my modem in order to obtain a new IP, and for a while all goes
> smoothly again.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

lists@for-privacy.net wrote:

> On Samstag, 5. August 2023 08:40:42 CEST Marco Predicatori wrote:
> > securehell@gmail.com wrote on 8/4/23 01:46:
> > > I tried reporting a similar issue a few months ago (post wasn’t approved by
> > > moderator). I was running a relay from my home ISP. After a short while
> > > certain websites became inaccessible from other computers in my home network
> > > that shared the same public IP. After trial and error with other IP addresses
> > > (non-Tor) I realized commercial gateway services had blacklisted our IP
> > > address.
> >
> > Same here, middle node. In order to access some sites, I have to shut down
> > briefly my modem in order to obtain a new IP, and for a while all goes
> > smoothly again.
>
> Hi @all,
>
> Just my 2 cents. Is this worth the hassle?
> Calculate your power consumption 24x7x30 @home.
>
> For 1-5$ you can get a VPS.
> This exit has 1GB RAM and 1CPU and costs $3.50/month
> Relay Search
>
> Search or ask for offers on LEB & LET:
> https://lowendbox.com/
> https://lowendtalk.com/discussion/185210/tor-relay-bridge
>
> $websearch: cheap vps unlimited bandwidth
> IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
> https://www.ionos.de/server/vps
>
> Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4 :)
> NOCIX - Powerful Servers: Affordably Priced

While all the above is true, a thing to remember is to make sure we don't end up all renting too many VPS'es or dedicated servers in the same places / same AS numbers - we need network diversity, it is a very important factor, more AS numbers, more providers, more physical locations, etc. So, running at home is super good and recommended from this perspective, provides us with the diversity we need, however not being able to log in to online banking to pay an electricity bill because of a middle relay is also way too annoying.. however who can afford the hassle should definitely run a middle relay or bridge at home (even Exit relay, I do run an Exit relay at my office place and I had one police visit in like 8 years or so).

The problem here is with the people who treat 1 IP address = 1 person, this assumption which is 3 decades old should disappear once and forever. I cannot imagine what kind of an IT/security expert would use a black list (haha) that contains Tor relays (double haha) and also applies same restrictions to *middle* relays (triple haha). There are so many ways to properly handle an IP address that sends robotic/unrequested traffic which are so obvious I'm not going to spam the list to enumerate them.


On Montag, 7. August 2023 22:28:32 CEST s7r wrote:

> While all the above is true, a thing to remember is to make sure we
> don't end up all renting too many VPS'es or dedicated servers in the
> same places / same AS numbers - we need network diversity,

Especially at the exits, which unfortunately occur in a few places and in
large heaps. Approx 50%: Berlin Germany, Utrecht Netherlands, Roost
Luxembourg.

> it is a very
> important factor, more AS numbers, more providers, more physical
> locations, etc. So, running at home is super good and recommended from
> this perspective, provides us with the diversity we need,

You made a good list of underused ISP's on lowendtalk and on nusenu's
OrNetStat there are over 500 AS where only 1 or 2 relays are running. There
should be enough data centers in the world to achieve diversity even without
running at home.
https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction

Running snowflake @home is a nice option. Many relays @home only have kbit/s of
bandwidth. In my humble opinion, a Tor relay should offer at least 10 MB/s.

> however who can afford the
> hassle should definitely run a middle relay or bridge at home

Yes, anyone with a good internet connection at home can do this.
At least in Germany, every ISP offers its customers a http & ftp proxy. Use
them in your browser or OS. This might have less of a problem running Tor
relays at home. Because most websites will then see the proxy IP.

> (even Exit
> relay, I do run an Exit relay at my office place and I had one police
> visit in like 8 years or so).

@office is different than @home. I wouldn't advise anyone to run an exit at home.
It's no fun when the cops ring at 6:00 am and search your whole apartment. And
if you're unlucky, they take all computers, cell phones and other 'things'.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:

> While all the above is true, a thing to remember is to make sure we don't
> end up all renting too many VPS'es or dedicated servers in the same places /
> same AS numbers - we need network diversity, it is a very important factor,
> more AS numbers, more providers, more physical locations, etc. So, running
> at home is super good and recommended from this perspective, provides us
> with the diversity we need, however not being able to log in to online banking to
> pay an electricity bill because of a middle relay is also way too annoying..
> however who can afford the hassle should definitely run a middle relay or
> bridge at home

Yes, exactly this. If you are interested in running a non-exit relay at
home, and you can tolerate the hassles from occasionally finding that
some service doesn't want to hear from you, then you are definitely
helping the diversity of the Tor network.

Having the Tor traffic concentrated at a few cheapo providers like Hetzner
and OVH is not only scary in the sense that too much traffic goes through
too few cables, but it's also scary because it increases the appeal for
somebody to attack those few companies, either by breaking into their
infrastructure to watch traffic or through more traditional insider
threats like getting an employee there to help them monitor traffic.

The internet already has uncomfortably many bottlenecks -- too few
undersea cables, too few Content Distribution Networks (CDNs), too few
app stores, etc.

> (even Exit relay, I do run an Exit relay at my office place
> and I had one police visit in like 8 years or so).

Follow this advice only with great caution. :) Many people happily
run their exit relay from their home, but it only takes one fresh new
cybercrime detective (trying to make a name for himself by kicking down
a door at 7am, and with no idea what Tor is) to ruin your day.

--Roger


As much as I would like to laugh along with you, it's clearly the case there are some major outsourced firewall/protection companies who unfortunately do have the IT/security folks you can't imagine. I've spoken to one senior network technician at a major US wide bank because after running a middle relay for 5 years with only minor issues, my wife who works from home for the bank was suddenly blocked from accessing the bank network. He fully understood what a middle relay was and was quite happy for me to run one, but was unable to do anything as they had just outsourced the network "protection" and whoever they had outsourced to was classing the middle relay as a threat, and so blocking her access.

Cheers.


from my experiences, and some of the folks in this thread, that there

Most people definitely have the router on all the time. I saw this recently
because I wanted to run a bridge for Turkmenistan at home:
On Ubiquiti EdgeOS Router (Vyatta/Debian based) you can 'apt install tor'
OPNsense (FreeBSD based): Tor Configuration — OPNsense documentation


On Dienstag, 8. August 2023 00:30:38 CEST Gary C. New via tor-relays wrote:

> In addition to network diversity, there is the fact that most individuals
> find it necessary to run an at Home internet connection 24 x 7 x 365. So...
> Other than for the reasons inspired by the subject of this post, why not
> just run a low-resource consuming Tor server at home, too,

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!