How to Set Up a Tor Relay/Node on FreeBSD Operating System

Introduction

The Tor network is a decentralized system designed to enhance online privacy and anonymity by routing internet traffic through a series of encrypted relays. Running a Tor relay on FreeBSD contributes to the network’s resilience and helps users worldwide bypass censorship and surveillance.

This guide provides a step-by-step walkthrough for setting up a Tor relay (middle relay) or exit node on FreeBSD. We will cover installation, configuration, security considerations, and best practices to ensure your relay operates efficiently while maintaining system stability.

Prerequisites

Before proceeding, ensure you have:

1. A FreeBSD system (12.x, 13.x, or later) with root access.
2. A stable internet connection with sufficient bandwidth (Tor relays benefit from high upload speeds).
3. Basic knowledge of FreeBSD administration (package management, firewall configuration, etc.).
4. Understanding of Tor’s legal implications (check local laws regarding relay operation).

Step 1: Update FreeBSD and Install Tor

1.1 Update the System

Ensure your FreeBSD system is up-to-date:

sudo pkg update  
sudo pkg upgrade  

1.2 Install Tor

Install the Tor package from FreeBSD’s ports or binary packages:

Using Binary Packages (Recommended for Beginners)

sudo pkg install tor  

Using Ports (For Custom Builds)

cd /usr/ports/security/tor  
sudo make install clean  

Step 2: Configure Tor as a Relay

2.1 Basic Configuration

Edit Tor’s configuration file (/usr/local/etc/tor/torrc):

sudo ee /usr/local/etc/tor/torrc  

Minimum Configuration for a Middle Relay

Nickname YourRelayName  
ContactInfo your@email.com  
ORPort 9001  
ExitRelay 0  
SocksPort 0  
Log notice file /var/log/tor/notices.log  
DataDirectory /var/db/tor  

Explanation of Key Parameters

• Nickname: A public identifier for your relay (avoid personal info).
• ContactInfo: An email for abuse reports (optional but recommended).
• ORPort: The port Tor uses for relay traffic (default: 9001).
• ExitRelay 0: Disables exit relay functionality (middle relay only).
• SocksPort 0: Disables local SOCKS proxy (not needed for relays).

For an Exit Relay, modify the configuration:

ExitRelay 1  
ExitPolicy accept *:80, accept *:443, reject *:*  

This allows exiting traffic only on HTTP (80) and HTTPS (443).

Step 3: Set Up Logging and Data Directory

3.1 Create Log Directory

sudo mkdir -p /var/log/tor  
sudo chown _tor:_tor /var/log/tor  

3.2 Create Data Directory

sudo mkdir -p /var/db/tor  
sudo chown _tor:_tor /var/db/tor  

Step 4: Enable and Start Tor

4.1 Enable Tor in rc.conf

sudo sysrc tor_enable="YES"  

4.2 Start the Tor Service

sudo service tor start  

Verify Tor is running:

sudo service tor status  

Check logs for errors:

tail -f /var/log/tor/notices.log  

Step 5: Configure Firewall (PF)

FreeBSD uses PF (Packet Filter) for firewalling. Ensure your relay’s ORPort is accessible.

5.1 Edit PF Configuration

sudo ee /etc/pf.conf  

Add rules for Tor (adjust em0 to your network interface):

ext_if = "em0"  
tor_ports = "{ 9001 }"  

# Allow inbound Tor traffic  
pass in on $ext_if proto tcp to port $tor_ports  

Reload PF:

sudo pfctl -f /etc/pf.conf  

5.2 Forward Ports (If Behind NAT)

If your FreeBSD machine is behind a router, forward TCP port 9001 (or your chosen ORPort) to its local IP.

Step 6: Monitor and Maintain Your Relay

6.1 Check Relay Status

Visit Tor’s Atlas ( https://metrics.torproject.org) and search for your relay’s nickname to verify it’s active.

6.2 Update Tor Regularly

sudo pkg update && sudo pkg upgrade tor  

6.3 Enable Automatic Updates (Optional)

Use cron or periodic to automate updates.

Security and Best Practices

7.1 Limit Resource Usage

Prevent excessive bandwidth consumption by adding to torrc:

AccountingMax 500 GB  
AccountingStart month 1 00:00  

7.2 Enable Sandboxing (Recommended)

Add to torrc:

Sandbox 1  

7.3 Avoid Running as Root

Tor defaults to the _tor user in FreeBSD, which is secure.

7.4 Legal Considerations

• Middle Relays: Generally low-risk.
• Exit Relays: May attract abuse complaints; consult legal advice.

Troubleshooting

8.1 Tor Fails to Start

• Check /var/log/tor/notices.log for errors.
• Verify correct permissions on /var/db/tor and /var/log/tor.

8.2 Port Not Reachable

• Confirm firewall rules (pfctl -sr).
• Test with telnet your-ip 9001.

8.3 High CPU/Memory Usage

Adjust torrc with:

MaxMemInQueues 512 MB  

Conclusion

Setting up a Tor relay on FreeBSD is a valuable contribution to the global privacy infrastructure. By following this guide, you’ve configured a secure and efficient relay while adhering to best practices.

Final Recommendations

• Monitor bandwidth usage to avoid ISP throttling.
• Join the Tor operator community ( https://lists.torproject.org) for support.
• Consider donating to the Tor Project to sustain development.

By running a Tor relay, you help empower users worldwide with uncensored and private internet access.

References

• Tor Project: https://www.torproject.org
• FreeBSD Handbook: https://www.freebsd.org/doc/handbook/
• Tor Relay Guide: https://community.torproject.org/relay/

This guide ensures a balance between security, performance, and compliance, making it suitable for both beginners and experienced FreeBSD administrators.