<html><head></head><body><div class="ydpe3f9b536yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div>All:</div><div><br></div><div><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">It turns out that this issue was related to PortForwarding to <span>the Private Gateway Address (192.168.0.1:9001).</span></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">The solution was to include an iptables ACCEPT Rule in the INPUT Chain to the PortForward destination (the Private Gateway Address - 192.168.0.1:9001).</p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"># <span style="font-size: 12pt; font-family: Helvetica; color: rgb(29, 34, 40);">iptables -I INPUT -p </span><span style="font-size: 12pt; font-family: Helvetica; color: rgb(29, 34, 40);">tcp --dport 9001 -j ACCEPT</span></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"># iptables <span style="font-size: 12pt; font-family: Helvetica; color: rgb(29, 34, 40);">-A VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.1:9001</span></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><span style="font-size: 12pt; font-family: Helvetica; color: rgb(29, 34, 40);"><br></span></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">Now, the Tor Self-Test is returning successfully. However, now, there is an issue with the written/read bytes per second graph, on the metrics.torproject.org site, dropping to zero.</p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">Any idea why PortForwarding would cause the written/read bytes per second graph to drop to zero?</p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">Respectfully,</p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px 0px var(--s-prose-spacing); padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);"><br></p><p style="margin: 0px; padding: 0px; border: 0px; font-stretch: inherit; line-height: inherit; font-size: 15px; vertical-align: baseline; color: rgb(12, 13, 14);">Gary</p></div><div><br></div><div><br></div>
<div id="ydpe3f9b536yahoo_quoted_9870091507" class="ydpe3f9b536yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, August 17, 2021, 7:43:22 AM MDT, Gary C. New <garycnew@yahoo.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydpe3f9b536yiv7024454050"><div><div class="ydpe3f9b536yiv7024454050ydp793fd841yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div>All:</div><div><br clear="none"></div><div>After reviewing several packet-traces of Tor bound directly to the Public Address:Port vs Tor bound to the Private Address:Port and Advertising the Public Address:Port, I believe I may have found the the issue.</div><div><br clear="none"></div><div>It appears that when Tor is bound directly to the Public Address:Port, the initial measurement connections are initiated from External Tor Nodes via High-Ports to the Public Address:Port over TLSv1.2 or <span>TLSv1.3 successfully passing self-test. However, </span><span>when Tor is bound to the Private Address:Port </span><span>and Advertising the Public Address:Port</span>, the initial measurement connections are initiated from External Tor Nodes via High-Ports to the Public Address:Port over TLSv1.0. Tor does not like the TLSv1.0 connections and Resets the them; thus, failing the self-test.</div><div><br clear="none"></div><div>The question is... Why are the <span>initial measurement connections initiated from External Tor Nodes via High-Ports </span><span>with the </span><span>Private Address:Port binding and </span>Public Advertised Address:Port combination over TLSv1.0?</div><div><br clear="none"></div><div>Has anyone successfully implemented the <span>Private Address:Port binding and </span>Public Advertised Address:Port combination that successfully passes self-test whom would be kind enough to share their configuration?</div><div><span><br clear="none"></span></div><div><span>Is there a way to force the </span><span>External Tor Nodes that initiate the measurement connections to use TLSv1.2 or </span><span>TLSv1.3 with the </span><span>Private Address:Port binding and </span><span>Public Advertised Address:Port combination</span>?</div><div><span><br clear="none"></span></div><div><span>Thanks, again, for your assistance.</span></div><div><span><br clear="none"></span></div><div><span>Respectfully,</span></div><div><span><br clear="none"></span></div><div><span><br clear="none"></span></div><div><span>Gary</span></div><div><span><br clear="none"></span></div><div><span></span></div><div><br clear="none"></div>
<div class="ydpe3f9b536yiv7024454050yqt3221247209" id="ydpe3f9b536yiv7024454050yqt24260"><div class="ydpe3f9b536yiv7024454050ydp793fd841yahoo_quoted" id="ydpe3f9b536yiv7024454050ydp793fd841yahoo_quoted_9367238951">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Saturday, August 14, 2021, 2:47:01 AM PDT, Gary C. New <garycnew@yahoo.com> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div id="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847"><div><div class="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div>David,</div><div><br clear="none"></div><div>The ISP has port 9001 blocked to the Public Address.</div><div><br clear="none"></div><div>Do the ports have to be the same, when using NoAdvertise & NoListen with the ORPort directive?</div><div><br clear="none"></div><div>Thanks!</div><div><br clear="none"></div><div><br clear="none"></div><div>Gary</div><div><br clear="none"></div><div><br clear="none"></div>
<div class="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847yqt1675827407" id="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847yqt23762"><div class="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yahoo_quoted" id="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yahoo_quoted_9234331990">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Saturday, August 14, 2021, 12:20:36 AM MDT, David Figuera <dfb@mm.st> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div dir="ltr"><div class="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yqt7241730911" id="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yqtfd50068">> ORPort 198.91.60.78:443 NoListen<br clear="none">> ORPort 192.168.0.1:9001 NoAdvertise</div><br clear="none"><br clear="none">Why two different ports?<br clear="none">_______________________________________________<br clear="none">tor-relays mailing list<br clear="none"><a shape="rect" href="mailto:tor-relays@lists.torproject.org" rel="nofollow" target="_blank">tor-relays@lists.torproject.org</a><br clear="none"><a shape="rect" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="nofollow" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><div class="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yqt7241730911" id="ydpe3f9b536yiv7024454050ydp793fd841yiv6854496847ydp39911fe4yqtfd22454"><br clear="none"></div></div></div>
</div>
</div></div></div></div></div></div>
</div>
</div></div></div></div></div></div>
</div>
</div></div></body></html>