Tor Relay, Bridge and Tor Exit Node hosting.

IncogNET allows Tor on our network, however we have some reasonable guidelines set.

IncogNET proudly supports Tor and believes it plays a vital role in online privacy and anonymity. As such, we allow and encourage our customers to operate Tor relays, bridges, guard and exit nodes. However, to protect our network from abuse and to maintain a high level of quality of service for all, we do ask that those running Tor Exits utilize a strict exit policy, similar to that shown in the example below.

Tor Exit Hosting Guidelines

We will allow Tor Exits on our network as long as the operator (you) follow our guidelines to help reduce the chance of abusive behavior stemming from our network. We support Tor because we support privacy, however our desire to maintain a clean and reliable network outweighs our desire to allow end-users to run unrestricted Tor Exit nodes. We have some reasonable guidelines put in place that allow you to offer quality network resources to the Tor network while also respecting our desire to have a happy network free of abuse.

By running a Tor Exit on our network, you agree that you will do the following:

Participate in the Tor community for support, resources, and follow the recommended best practices for operating a Tor Exit relay.
You follow a restrictive exit policy and block common mail ports and SSH port 22 to reduce abuse. [Learn More]
Configure accounting limits in torrc to avoid exceeding bandwidth caps (e.g., AccountingMax).
Set up reverse DNS (rDNS) for your IP address to identify the IP as a Tor Exit node. (Ex: tor-exit.your-domain.tld)
Regularly update Tor software to the latest version to maintain security and stability.
Ensure your server is dedicated solely to the Tor exit relay to prevent mixing personal and relay traffic.
Serve an exit notice HTML page to inform visitors that the IP address is part of a Tor exit relay. This can be configured using the `DirPort` and `DirPortFrontPage` options in your `torrc` file.
Implement a local caching and DNSSEC-validating resolver, such as Unbound, to handle DNS queries efficiently and avoid reliance on centralized DNS services. [ How to: Debian/Ubuntu, CentOS/RHEL, FreeBSD, openSUSE ]
Consider running a bridge, middle/guard relay or Snowflake instead of an Exit, as these are also useful.

Example of a strict Tor Exit Policy:

The below contains just one example of a strict exit policy that we would accept on our network. Your exit policy should allow access to common ports for web browsing and non-email communication, but not be so open that it allows for abuse from bad actors. Email ports and SSH (port 22) must be blocked to prevent spam and abuse.


# Communication Protocols
ExitPolicy accept *:20-21       # FTP
ExitPolicy accept *:43          # WHOIS
ExitPolicy accept *:53          # DNS
ExitPolicy accept *:80-81       # HTTP, HTTP alternative
ExitPolicy accept *:443         # HTTPS
ExitPolicy accept *:5222-5223   # XMPP (Matrix and others)
ExitPolicy accept *:6660-7000   # IRC (wide range for alternatives)
ExitPolicy accept *:8008        # HTTP alternate (Matrix and others)

# Hosting Control Panels
ExitPolicy accept *:2222        # DirectAdmin
ExitPolicy accept *:10000       # Webmin/Virtualmin
ExitPolicy accept *:8443        # Plesk
ExitPolicy accept *:2082-2083   # cPanel/WHM
ExitPolicy accept *:4083-4085   # Virtualizor
ExitPolicy accept *:12320       # ISPConfig
ExitPolicy accept *:9000        # HestiaCP
ExitPolicy accept *:8888        # FastPanel (alternative port also for HUSH coin)
ExitPolicy accept *:8090        # KeyHelp
ExitPolicy accept *:8083        # VestaCP
ExitPolicy accept *:8448        # VirtFusion

# Cryptocurrency Wallets and Services
ExitPolicy accept *:8082        # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8332-8333   # Bitcoin Core RPC and P2P
ExitPolicy accept *:50001-50002 # Electrum Bitcoin plaintext/SSL
ExitPolicy accept *:18080-18081 # Monero RPC and P2P
ExitPolicy accept *:9332-9333   # Litecoin (LTC)
ExitPolicy accept *:9998-9999   # Dash
ExitPolicy accept *:22555-22556 # Dogecoin (DOGE)
ExitPolicy accept *:8232-8233   # Zcash (ZEC)
ExitPolicy accept *:30303       # Ethereum (ETH)
ExitPolicy accept *:51235       # Ripple (XRP)
ExitPolicy accept *:3000        # Cardano (ADA)
ExitPolicy accept *:27146       # Binance Coin (BNB)
ExitPolicy accept *:8000        # Solana (SOL)
ExitPolicy accept *:4200        # Siacoin
ExitPolicy accept *:9100-9102   # Stellar (XLM)

# Alternative Networks
ExitPolicy accept *:4444        # I2P (standard port)
ExitPolicy accept *:28380-28381 # GNUnet (P2P communication)
ExitPolicy accept *:2323        # Freenet
ExitPolicy accept *:8888        # Freenet HTTP proxy

# Messaging Applications
ExitPolicy accept *:443         # WhatsApp, Telegram, Signal (HTTPS)
ExitPolicy accept *:3478-3497   # WhatsApp STUN/TURN
ExitPolicy accept *:5228-5230   # Google Messaging services (used by Signal/WhatsApp)
ExitPolicy accept *:4244        # WhatsApp VoIP
ExitPolicy accept *:5280-5281   # XMPP BOSH (used by Signal, Line)
ExitPolicy accept *:1080        # Telegram proxy
ExitPolicy accept *:7890        # Telegram proxy or general proxy
ExitPolicy accept *:6400-6401   # LINE
ExitPolicy accept *:5938        # TeamViewer, often used for messengers

# General Web Browsing Services
ExitPolicy accept *:8080        # HTTP alternative (proxy)
ExitPolicy accept *:8444        # Alternative HTTPS (proxying or IoT services)
ExitPolicy accept *:3128        # Squid proxy
ExitPolicy accept *:9050-9051   # Tor SOCKS proxy and control port
ExitPolicy accept *:1080        # General SOCKS proxy
ExitPolicy accept *:53          # DNS queries
ExitPolicy accept *:5353        # mDNS (e.g., for IoT devices)

# Hidden Service-Related Ports
ExitPolicy accept *:5000        # Web applications (commonly Flask/Django apps)
ExitPolicy accept *:9001        # Tor relay ports
ExitPolicy accept *:9050        # Tor client SOCKS proxy
ExitPolicy accept *:8443        # Alternative HTTPS for hidden services
ExitPolicy accept *:8080        # Common alternative HTTP for hidden services
ExitPolicy accept *:6666        # OnionShare file sharing
ExitPolicy accept *:6667        # IRC for hidden services

# Deny all other traffic
ExitPolicy reject *:*

The Tor network is great, but what about I2P?

We love Tor, but currently their network capacity greatly exceeds the demand. While they have an abundance of resources available, there is another anonymity network that we love that could greatly benefit from some additional network resources. I2P (Invisible Internet Project) is over 20 years old with a large but often overlooked network. Click here to view our guides on running a high performance I2P network router or view the I2P Network Official Site.

Our Services	About Us	Support and Contact
CloudLinux Shared Hosting	Announcements	IncogNET Client Area
"BS Blocking" WireGuard VPN	About Our Business	Knowledge Base & FAQ
US and EU based KVM Virtual Servers	Sponsored Privacy Projects	Network Status / Reports
Kansas City, USA & Netherlands Dedicated Servers	Accepted Payment Methods	Contact Sales Department
DDoS Protected & Anycast DNS	Legal Stuff (TOS / AUP / Privacy)	Contact Support (Requires Login)
Domain Name Registration	Warrant Canary	Report Network Abuse
MyPrivateInbox (Email Hosting)	Network Locations & Looking Glass	Web Hosting Coupons & Discounts

Hosted On:				Social / Chat: