On Fri, 14 Dec 2007 10:09:28 -0500 Michael Holstein <[EMAIL PROTECTED]> wrote:
>> P4 processor @ 3GHZ, Intel MB, 2GB DDR2 RAM, 80 GB SATA HD
>
>This will be fine (more than fine, actually) .. I had no issues running
>a ~10mbit (symmetric) node on an old P3/1ghz with 1gb RAM (it was FreeBSD).
>
>> all behind a Linksys Firewall Router.
>
>This will be a problem. Cheap-o routers don't have enough memory to
>manage huge state tables. You'd be better off getting a second NIC card
>for the PC and just using the server to firewall/NAT your LAN, in
>addition to running TOR. If that scares you, just re-use an old PC and
>run Smoothwall on it (or any of the other many "appliance" distros that
>do this).
>

Thank you. You just brought forward the thing that has been eluding my recollection since this thread started. Linksys routers do not have enough memory for the NAT table to run a tor exit server, and they do not handle a table overflow condition gracefully. What happens when a SYN goes out at a time when the table is full is that the connection never happens, which is reasonable enough, but when table entries have later been freed, outbound connections continue to fail. This remains the situation until the router has been rebooted.

In my experience, a Linksys router on a Comcast connection may run for days before the above described situation occurs, but OTOH, it may only run for an hour or two before it happens.

It is conceivable that the same might occur for a middleman-only server, but far less likely because connections to the outside will normally be far fewer, given that many circuits, each with perhaps multiple streams, may be funneled through a single TCP connection with its corresponding NAT table entry. In the case of an exit server, every stream that exits needs its own NAT table entry.

FWIW, a *BSD or LINUX system running as a router with natd(8) on it will have no such problem because it doesn't suffer from the memory limitation. The same might also be true for Windows, but I shudder at the thought of trusting Windows as a router/firewall, and I don't know what is available as a NAT server in Windows.

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu                                    *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
* -- Gov. John Hancock, New York Journal, 28 January 1790            *
**********************************************************************
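
An added example, not part of the original message: when a Linux machine does the NAT, its connection-tracking table shows how many entries the relay host is holding and how close the table is to its limit. The sample lines are constructed in the `/proc/net/nf_conntrack` format; the relay address 192.168.1.10, the table limits and the 80% warning threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample in /proc/net/nf_conntrack format (not captured traffic).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40112 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40112 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431985 ESTABLISHED src=192.168.1.10 dst=198.51.100.9 sport=40113 dport=80 src=198.51.100.9 dst=203.0.113.5 sport=80 dport=40113 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.10 dst=198.51.100.44 sport=40114 dport=443 [UNREPLIED] src=198.51.100.44 dst=203.0.113.5 sport=443 dport=40114 mark=0 use=1
ipv4     2 tcp      6 95 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=40100 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40100 [ASSURED] mark=0 use=1
ipv4     2 udp      17 25 src=192.168.1.20 dst=192.0.2.53 sport=53211 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=53211 mark=0 use=1
"""

# l3proto, l3num, l4proto, l4num, seconds-to-expiry, optional TCP state,
# then the original-direction tuple, which starts with the first src=.
ENTRY = re.compile(
    r"^\S+\s+\d+\s+(?P<proto>\S+)\s+\d+\s+\d+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?src=(?P<src>\S+)"
)


def summarize(text, relay_ip):
    """Return (total entries, Counter of the relay's entries by state).

    Every line is one slot in the table. Entries in TIME_WAIT or SYN_SENT
    still occupy a slot until their timer expires, so they count too.
    UDP entries carry no state and are keyed by protocol name instead.
    """
    total = 0
    relay_entries = Counter()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip blank or unrecognised lines
        total += 1
        if m.group("src") == relay_ip:
            relay_entries[m.group("state") or m.group("proto")] += 1
    return total, relay_entries


def table_pressure(total, table_max, warn_ratio=0.8):
    """Return (fill ratio, True if the table is at or above warn_ratio)."""
    ratio = total / table_max
    return ratio, ratio >= warn_ratio


if __name__ == "__main__":
    total, relay = summarize(SAMPLE, "192.168.1.10")
    print(total, dict(relay), table_pressure(total, table_max=8))
```

On a live Linux router the input would come from `/proc/net/nf_conntrack` and the limit from `/proc/sys/net/netfilter/nf_conntrack_max`.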