<div dir="ltr"><div>Thanks Stephen,</div><div></div><div>I've closed both the Control Port 9030 & Socks Port 9050 on the router - thanks for the advice.</div><div><br></div><div>Should I be concerned that I'm getting almost no traffic still after uptime of 3 days? I know sometimes it takes a little while for the relay to get 'established' and start seeing some decent traffic, but I don't remember it taking this long last time. Currently have 3 flags: Running, V2Dir, Valid.</div><div><br></div><div>Bandwidth limit is set to 700 KB/s & 800 KB/s (burst). Getting a little burst of traffic for 1 second every 10 seconds or so, but only a couple hundred bytes?<br></div><div>Nyx is saying avg is 531.2 B/sec - yeah that's bytes.....</div><div>Log updates for the past 12 hrs or so:</div><div><br></div><div>19:17:56 [NOTICE] DoS mitigation since startup: 0 circuits killed with too many cells. 0 circuits<br> │ rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. [3 duplicates hidden]<br> │ 19:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 66 v4 connections; and received 103 v1 connections, 101 v2 connections, 399 v3 connections, and 260 v4 connections. <br> │ 19:17:56 [NOTICE] Circuit handshake stats since last time: 11/11 TAP, 0/0 NTor. <br> │ 19:17:56 [NOTICE] Heartbeat: Tor's uptime is 2 days 23:59 hours, with 3 circuits open. I've sent 82.83 MB and received 132.06 MB. [3 duplicates hidden]<br> │ 13:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 65 v4 connections; and received 93 v1 connections, 92 v2 connections, 398 v3 connections, and 238 v4 connections. <br> │ 13:17:56 [NOTICE] Circuit handshake stats since last time: 12/12 TAP, 0/0 NTor. <br> │ 07:39:27 [WARN] Malformed IP "(null)" in address pattern; rejecting. <br> │ 07:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 56 v4 connections; and received 76 v1 connections, 87 v2 connections, 38 v3<br> │ connections, and 213 v4 connections. </div><div> │ 07:17:56 [NOTICE] Circuit handshake stats since last time: 18/18 TAP, 0/0 NTor. <br> │ 01:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 47 v4 connections; and received 64 v1 connections, 80 v2 connections, 25 v3<br>─┘ connections, and 181 v4 connections. <br><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 21, 2018 at 7:23 AM Stephen Mollett <<a href="mailto:molletts@yahoo.com">molletts@yahoo.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
On 20/09/2018 10:37, Ben Riley wrote:<br>
> ... I've actually got 4 ports open on the router for TOR - 9001, 9030,<br>
> 9050 & 9051.<br>
> <br>
> I set 9030 as my control port in torrc - does that port need to be open<br>
> on the router? ...<br>
You probably don't need or want either the control port or the SOCKS<br>
port open on the router.<br>
<br>
The control port is normally used to allow "front end" software like<br>
Vidalia to connect to the node and get diagnostic information, change<br>
some configuration settings, tell it to do things like build a new<br>
circuit, etc. so it only needs to be accessible to machines from which<br>
you want to manage the node in this way. If, for some reason, you did<br>
want to manage the node over the internet, I would recommend keeping the<br>
port blocked on the router anyway and tunnelling it through an SSH<br>
connection to the server.<br>
<br>
The SOCKS port is used to tunnel connections through Tor, either<br>
directly from software that supports SOCKS, via a wrapper such as<br>
socksify or torify or through a proxy server like Privoxy. Again, that<br>
only needs to be accessible to machines from which you want to "use"<br>
Tor. Again, if you want to use your node as a "gateway" into Tor from<br>
elsewhere, you should tunnel the port over SSH.<br>
<br>
Hope this helps,<br>
Stephen<br>
_______________________________________________<br>
tor-relays mailing list<br>
<a>tor-relays@lists.torproject.org</a><br>
<a rel="noreferrer">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
</blockquote></div>