Understanding and using the Tor network


Advanced Settings

Normal Tor operation doesn't require any configuration changes. That changes, however, if you want to take full advantage of the proxy server functionality.

Tor is a community project that ultimately relies on as many users as possible providing the service to other Tor users. This feature is not too important for an end user, as long as his computer isn't being used as an Exit Node. As mentioned previously, the Exit Node forwards the requests as a last link to the destination server, which stores the IP address of the last node in its log. If the target server is being monitored, suspicion initially falls on the Exit Node operator. Although no cases of legal actions against Exit Nodes have yet been registered, the possibility cannot be excluded.

This potential risk, however, is no reason not to participate in the project. Tor also provides the ability to configure the server so that it doesn't act as the last node – or only partly so. Modifying a few lines in the /etc/tor/torrc file lets the daemon run as part of the Tor network without making it an Exit Node.

The settings in Listing 1 make the service listen on port 9001, provide a maximum average bandwidth of 100KB/s, and ensure that all requests not coming from other Tor servers are rejected. If you operate the server behind a router, you must forward the port on which the gateway listens for incoming connections (9001 in the example) to the host.

Listing 1

Configuring torrc

ORPort 9001
Nickname <MyTorproxy>
RelayBandwidthRate 100 KB
RelayBandwidthBurst 200 KB
ExitPolicy reject *:*

Make sure that the exit policy restriction applies only to access to the public Internet. Normal relay hosts should handle access to the so-called hidden services. The "Hide and Seek" box describes how you can set up such hidden services.

Hide and Seek

Because the Tor network handles name resolution, it can also resolve domain names not found in the "normal" Internet. Tor uses the internal *.onion TLD to access hidden services that you can reach only through the Tor network. These services generally consist of quite normal websites except that as a rule – analogous to surfing over Tor – the website owner and web server remain unknown to the accessing party.

To provide a hidden service of your own, you need a web server that provides the public files via HTTP. If the content is static, usually a thin server such as Thttpd [8] would suffice. You can start it on the command line as follows:

# thttpd -r -d /<WWW_directory>/ -p <4711> -h localhost

To complete the Tor configuration, add the following lines to your /etc/tor/torrc file:

HiddenServiceDir <WWW_directory>
HiddenServicePort 80 127.0.0.1:<4711>

While the first directive specifies the website's directory path, the second directive specifies the network address. Based on the example, Tor listens on port 80 and the web server accepts requests via the localhost on port 4711. Tor itself handles the port mapping from 80 to 4711. Port forwarding on the router doesn't apply, because all requests run through the Tor tunnel.

After saving the configuration, a Tor restart activates the changes. Tor then puts two files in the WWW directory. The first, hostname, contains the host's name with which other users access the hidden service; it consists of a randomly generated hash. The second file, private_key, contains the key with which the service authenticates with Tor.

The Tor configuration file also provides many other options that control how the service works. If you want to access it from the local network, for example, you can add the line SocksBindAddress <IP_address>:<port> or SocksBindAddress to the file.

Because Tor randomly modifies the route every 10 minutes, it's not unusual in the cascade to have a slow node put a brake on the transmission speed. You can work around this by specifying your preferred servers with the directives EntryNodes and ExitNodes:

ExitNodes <Server1>,<Server2>,...

If you want to use these servers exclusively, you can use the directives StrictEntryNodes 1 and StrictExitNodes 1. Keep in mind, however, that reducing the nodes has the downside of less anonymity. To exclude untrusted nodes, use the directive ExcludeNodes followed by a comma-separated list of server names. You can get a list of all available directives with the command tor --list-torrc-options; the tor manpage (man tor) has all the details.
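
A small torrc check for the relay and hidden-service settings discussed above, as an added example that is not part of the original article: it flags a relay whose first ExitPolicy is not reject *:*, a HiddenServicePort target that is not local, and a HiddenServiceDir inside the directory the web server publishes, since Tor writes private_key there. The function names, the sample paths, and the web_root parameter are assumptions made for the illustration.

```python
import ipaddress
from pathlib import PurePosixPath

# Constructed sample: Listing 1 plus the hidden-service lines; paths are made up.
SAMPLE = """\
ORPort 9001
ExitPolicy reject *:*
HiddenServiceDir /srv/www/site
HiddenServicePort 80 127.0.0.1:4711
"""

def parse_torrc(text):
    """Return (directive, argument) pairs, skipping blanks and # comments."""
    words = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(w[0].lower(), " ".join(w[1:])) for w in words if w]

def target_is_local(target):
    """True if a HiddenServicePort target stays on this host."""
    if target.isdigit() or target.startswith("unix:"):
        return True                      # bare port means 127.0.0.1:port
    host = target.split(":")[0] if target.count(":") == 1 else target
    if target.startswith("["):           # [IPv6]:port
        host = target[1:].partition("]")[0]
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # other hostnames: treat as remote

def audit_torrc(text, web_root):
    """web_root: directory the HTTP server publishes (supplied by the caller)."""
    pairs, findings = parse_torrc(text), []
    policies = [arg for key, arg in pairs if key == "exitpolicy"]
    first = policies[0].split(",")[0].strip() if policies else ""
    # Conservative: a relay passes only if its first policy rejects everything.
    if any(key == "orport" for key, _ in pairs) and first != "reject *:*":
        findings.append("relay may act as an Exit Node")
    root = PurePosixPath(web_root)
    for key, arg in pairs:
        if key == "hiddenservicedir":
            d = PurePosixPath(arg)       # Tor writes hostname and private_key here
            if d == root or root in d.parents:
                findings.append("private_key lies inside the published web directory")
        elif key == "hiddenserviceport":
            target = arg.split()[1:]     # no target: Tor uses 127.0.0.1
            if target and not target_is_local(target[0]):
                findings.append("hidden service backend is not on loopback")
    return findings

print(audit_torrc(SAMPLE, "/srv/www/site"))
```

Pointing HiddenServiceDir at a directory outside the web root, readable only by the Tor user, clears the finding reported for the sample.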


Vidalia [4] provides a graphical interface for configuring Tor (Figure 2) that you can install with sudo apt-get install vidalia. During installation, the software asks for a user to temporarily or permanently administer your Tor installation. Note that Vidalia can stop Tor, but it can't restart it because of a bug that affects permissions and missing configuration files.

Figure 2: The Vidalia graphical configuration interface simplifies setting up, starting, and stopping Tor.

If you accidentally stop Tor with Vidalia, just exit the front-end program and restart Tor from the command line with

$ sudo /etc/init.d/tor start

In the interface, the Bandwidth Graph button opens a little window that shows the current data throughput. View the Network provides a dialog that shows the current Tor hops (Figure 3).

Figure 3: With Vidalia's "View the Network" module, you can view which servers are connected to your computer and which path the data connection uses. If you're looking for candidates for your exclusion list, copy their nicknames into the front end.

The left pane lists all the known servers and the Connection pane shows all the ones currently connected to Tor. Clicking an entry shows details about the host. Right-clicking an entry opens the Close Channel option with which you can close the connection to the server.

This view provides an easy way to exclude specific hosts. To choose multiple ones, left-click with Ctrl on the desired entries, then right-click Copy | Nickname. Vidalia copies the names comma-separated into the configuration file as ExcludeNodes.

You can access the Tor configuration through Settings. Help provides comprehensive descriptions for most settings.
