[tor-relays] VPS ports closed

Michael Kelly m at michaelkelly.org
Thu Jan 9 06:43:38 UTC 2014


Hi,

On Tue, Jan 07, 2014 at 02:59:24AM -0800, I wrote:
>   Mathew,
>   The only addition to the bare, no doubt minimal, CentOS VPS is Tor run
>   as an exit. The port failing to be accessible is 9030 - the dir port.
>   The interesting thing is that another similar VPS was working but now
>   9030 is not accessible.
>   Perhaps paying for a VPS a year in advance and no written objection to
>   Tor left me vulnerable to various methods of reducing their exposure to
>   copyright litigation. Other VPSs still have the statement "Tor relays
>   are ok" on their site yet emailed me that they must stop once I'd paid
>   a year in advance.
>   So if I can avoid discussion with them and force the port open it might
>   keep one exit running for a while.
>   Robert
>
>   >
>   > It's CentOS 6. Apart from that I don't know what you need to know.
>   > I presumed unix type commands work in general.
>   > Any help from the list will probably beat the help desk.
>   >
>   > Robert

"iptables -L" should tell you if your machine is blocking ports with its
own firewall. (It seems odd for your host to block specific ports.)

The one CentOS machine I've set up did have a firewall that blocked 
incoming connections on most ports by default (I'm completely ignorant 
of CentOS in general, so I don't know if this is the standard setup or 
not):

Check out /etc/sysconfig/iptables. That lists the firewall rules that 
are applied when the machine boots. The default looked something like 
this for me:

# Generated by iptables-save v1.4.7 on Mon Oct  7 20:11:26 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [379:66816]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Oct  7 20:11:26 2013

The most relevant line is the one that contains "--dport 22". It opens 
port 22 to new connections. You could open port 9030 by adding this line 
below it:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 9030 -j ACCEPT

And so forth for other ports, followed by a "service iptables reload".

(Maybe there's a better CentOSy way of doing this; I don't claim to 
know. I hope this is useful.)

>   Most distros I have come across have all ports open by default. Do you
>   know which ports you would like open? Is it just the required ports for
>   Tor + SSH, or are you running additional services?
>
>   Most users use IPTables for firewalling.


-- 
Michael
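
Added example, not part of the message above: the new rule has to sit above the catch-all REJECT because the INPUT chain is evaluated first match wins, and this sketch checks that on the sample ruleset. The function names input_verdict and open_port are hypothetical, and the evaluator models only the match types that appear in that ruleset.

```shell
# Added example: first-match evaluation of INPUT in an iptables-save file.
input_verdict() {   # FILE PORT -> target for a NEW remote TCP connection
    awk -v port="$2" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && verdict == "" {
            target = dport = proto = states = iface = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--state") states = $(i + 1)
            }
            if (iface == "lo") next
            if (proto != "" && proto != "tcp") next
            if (states != "" && states !~ /(^|,)NEW(,|$)/) next
            if (dport != "" && dport != port) next
            verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    ' "$1"
}

open_port() {       # FILE PORT -> ruleset with ACCEPT placed before the catch-all
    rule="-A INPUT -p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT"
    if grep -qxF -e "$rule" "$1"; then cat "$1"; return; fi
    awk -v rule="$rule" '
        /^\*/ { filter = ($0 == "*filter") }
        filter && !done && /^(-A INPUT -j (REJECT|DROP)|COMMIT)/ { print rule; done = 1 }
        { print }
    ' "$1"
}

SAMPLE=$(mktemp)    # ruleset from the message, comment lines dropped
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [379:66816]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
echo "9030 before: $(input_verdict "$SAMPLE" 9030)"
open_port "$SAMPLE" 9030 > "$SAMPLE.new"; echo "9030 after: $(input_verdict "$SAMPLE.new" 9030)"
```

On the relay itself the file to edit is /etc/sysconfig/iptables, followed by the "service iptables reload" mentioned in the message.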