Exit Node Setup Guide A comprehensive guide to setting up your exit node
System Requirements
Below are the system requirements and the minimum specifications of dedicated server or VPS
Step 1: Install BelNet on your VPS
Copy and paste the following link into the terminal
This will download the Belnet binaries from cloud
Copy wget https://deb.beldex.io/Beldex-projects/Belnet/deps/v0.9.7/linux/belnet-linux-x86_64-v0.9.7.zip
Unzip the file using the following command
Copy unzip belnet-linux-x86_64-v0.9.7.zip
Execution
install vim editor using the following command
Install tmux in your system
Copy sudo apt install tmux
Download the bootstrap file using belnet-bootstrap
Copy sudo ./belnet-bootstrap
Step 2: Configure Belnet.ini using vim
Go to Belnet config directory
Edit the belnet.ini file by entering the following command
Add the following lines under the [router] section or uncomment the following by removing the #.
This will configure the number of connections that an exit node can maintain.
Copy netid = belnet
worker-threads=0 (It uses all threads)
min-connections=18
max-connections=20
Add the following lines under the [network] section or uncomment the following by removing the #.
Copy keyfile=/var/lib/belnet/exit.private
ifaddr=10.0.0.1/16
ifname=exit0
hops=2
paths=8
exit=true
Step 3 Enable IP Forwarding via ''sysctl''
Open the following folder
Copy sudo vim /etc/sysctl.conf
Add the following lines. This will allow IP forwarding for both IPV4 and IPV6
Copy net.ipv4.ip_forward =1
net.ipv6.conf.all.forwarding =1
Press ESC + :wq
to save and exit to /etc/sysctl.conf
Enable the changes using the following command
Step 4: Setup firewall
Please check firewall status using the following command
Default result should return the following
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Add firewall rules for IPv4
Copy and paste the following commands
Copy iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
iptables-save
ip6tables -t nat -A POSTROUTING -s fd00::a00:0/112 -o eth0 -j MASQUERADE
ip6tables-save
Add route for Belnet interface's IPv6
Copy ip -6 route add fd00::a00:0/112 dev exit0
It is beneficial to block ports for Simple Mail Transfer Protocol (SMTP), SMTP over Secure Sockets Layer (SSL), SMTP over Transport Layer Security (TLS), Internet Relay Chat (IRC) and IRC over SSL. This is non-mandatory but may protect your exit node from Distributed Denial Of Service (DDOS) attacks. For more details, kindly check with your VPS host.
Copy for port in 25 465 587 666 { 0,1,2,3,4,5,6,7} 6697 ;
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport $port -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport $port -j REJECT --reject-with tcp-reset
Now it is completed
Then, enter the following commands,
Copy iptables-save
ip6tables-save
The above commands unroll to:
Copy iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 465 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 587 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6660 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6661 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6662 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6663 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6664 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6665 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6666 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6667 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -s 10.0.0.0/16 -p tcp -m tcp --dport 6697 -j REJECT --reject-with tcp-reset
iptables-save
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 465 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 587 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6660 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6661 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6662 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6663 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6664 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6665 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6666 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6667 -j REJECT --reject-with tcp-reset
ip6tables -A FORWARD -s fd00::a00:0/112 -p tcp -m tcp --dport 6697 -j REJECT --reject-with tcp-reset
ip6tables-save
Make firewall settings persistent after rebooting the system by using the command given below
Copy apt install iptables-persistent
Select Yes on the pop-up window to save current rules to install both for IPv4 and IPv6.
Run Belnet
Step 5: Fetch your permanent .bdx address
Enter the following command to fetch your address
Copy host -t cname localhost.bdx 127.3.2.1
To check if your exit node is publicly hosted, enter the following command
Copy nslookup .bdx address
Step 6: If you face any errors, you can troubleshoot your DNS using the following command
Open the resolv.conf file
Copy sudo vim /etc/resolv.conf
Please add the following nameserver in the file
Save and exit the file using the command ESC + :wq