Introduction: Tor Relay on Raspberry Pi 2 & 3
I'm creating this Instructable because I'm tired of seeing so many outdated guides on how to set up a Tor Relay on a Raspberry Pi 2... 95% of the guides I found led to installing some out-of-date bundle of Tor (0.2.5.x) instead of the current (0.2.7.x).
Step 1: Parts Needed
You need the following parts:
- Raspberry Pi 2
- Power supply
- Network cable/connection to the Internet
- Micro SD card with Raspbian (you can find all necessary installation instructions here: http://www.raspbian.org/RaspbianInstaller)
Step 2: Getting Started
In your terminal type:
sudo raspi-config
Now go to option 1 and expand the usable space on your micro SD card from 2 GB to the actual size of your card.
Next, again:
sudo raspi-config
Now go to option 2 and change the password of your Pi from "raspberry" to something secure.
Step 3: Add a User
In your terminal type:
sudo adduser tor
[enter]
Enter a secure password!
[enter]
Enter the password again
[enter]
sudo nano /etc/sudoers
[enter]
Add the following line at the bottom of the page:
tor ALL=(ALL) ALL
Step 4: Updates
Before we get started with updates for the Pi, let's add the Tor Project's package repository.
In your terminal type:
sudo nano /etc/apt/sources.list
Add this to the bottom of the list:
deb http://deb.torproject.org/torproject.org jessie main
Now in your terminal run:
sudo apt-get update
sudo apt-get upgrade
Step 5: Add the Tor Project's GPG Keys
In your terminal run:
gpg --keyserver keys.gnupg.net --recv 886DDD89
Then run:
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
GPG Key source for verification: https://www.torproject.org/docs/debian.html.en
Step 6: Install Tor
In your terminal run:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install tor deb.torproject.org-keyring
sudo apt-get install tor
(This will take a long time so be patient)
Step 7: Configure Tor
In your terminal enter:
sudo nano /etc/tor/torrc
Highlight everything (Mac = Command + A) and replace it with the config below:
SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
ORPort 443
DirPort 80
ExitPolicy reject *:*
Nickname TypeYourNicknameHere
## Remove the # before RelayBandwidthRate & RelayBandwidthBurst to throttle bandwidth speed.
#RelayBandwidthRate 1024 KB  # Throttle traffic to 1024KB/s
#RelayBandwidthBurst 2048 KB # But allow bursts up to 2048KB/s
## optional
#ContactInfo TypeYourEmailHere
DisableDebuggerAttachment 0
Control + x to close / save the file.
In terminal enter:
sudo /etc/init.d/tor restart
Step 8: Install ARM (Tor Graphical Controller)
In terminal type:
sudo apt-get install tor-arm
Then to launch ARM type:
sudo -u debian-tor arm
Step 9: Secure Ports
Next in your terminal enter:
sudo nano /etc/iptables/rules.v4
Now copy and paste this above the line that reads "COMMIT":
## allow all loopback (lo) traffic
-A INPUT -i lo -j ACCEPT
## allow incoming SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
## allow Tor ORPort, DirPort
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
## ratelimit ICMP echo, allow all others
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -j ACCEPT
## to log denied packets uncomment this line (I uncommented it for you).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
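The ports opened in rules.v4 have to match the ORPort and DirPort set in torrc in Step 7, otherwise the relay cannot be reached from outside. The check below is an added example, not part of the original Instructable; the function names and the sample files are constructed for illustration, and it only understands single-port --dport rules.

```shell
#!/bin/sh
# Added example (not from the original guide): check that every port Tor
# listens on in torrc has a matching ACCEPT rule in the iptables rules file.

# Print ORPort/DirPort numbers from a torrc, one per line.
tor_ports() {
    awk '
        /^[[:space:]]*#/ { next }                     # skip comment lines
        tolower($1) == "orport" || tolower($1) == "dirport" {
            p = $2; sub(/^.*:/, "", p)                # drop optional "address:" prefix
            if (p ~ /^[0-9]+$/ && p + 0 > 0) print p  # ignore 0 (disabled) and "auto"
        }' "$1"
}

# Print TCP destination ports accepted on INPUT in an iptables-restore file.
open_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
        }' "$1"
}

# Print each Tor port with no ACCEPT rule; return 1 if any are missing.
# $1 = path to torrc, $2 = path to rules.v4
missing_ports() {
    allowed=$(open_ports "$2")
    rc=0
    for p in $(tor_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || { echo "$p"; rc=1; }
    done
    return $rc
}

# Constructed sample files: the firewall opens 433 while Tor listens on 443.
demo=$(mktemp -d)
printf 'ORPort 443\nDirPort 80\n#ORPort 9001\n' > "$demo/torrc"
cat > "$demo/rules.v4" <<'EOF'
*filter
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 433 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
missing=$(missing_ports "$demo/torrc" "$demo/rules.v4") || true
echo "Tor ports not opened in the firewall: ${missing:-none}"
rm -rf "$demo"
```

On the Pi, call missing_ports /etc/tor/torrc /etc/iptables/rules.v4 after editing either file; no output and exit status 0 mean both Tor ports are open.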
If you have any questions, feel free to post a comment and I'll respond as soon as I can!