OK, finally got a configuration that looks like it works:
Address 209.141.39.157
OutboundBindAddress 209.141.39.157
ORPort 209.141.39.157:9001 IPv4Only
ORPort XXX.XXX.XXX.XXX:443 NoListen
ORPort XXX.XXX.XXX.XXX:9001 NoListen
Where XXX.XXX.XXX.XXX is the IP I didn't want to be used by my Tor exit relay. (The IPv4 flag is probably useless, I just didn't think to take it out after adding the IP to the port.)
I'll see if abuse reports for my second IP will stop showing up on abuseipdb.com.
Unless you find I did something wrong, thanks for helping,
Denny
denny.obreham(a)a-n-o-n-y-m-e.net wrote ..
> The second IP is still in "Exit Addresses" with the new configuration ... https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B…
>
> torrc:
>
> Address 209.141.39.157
> OutboundBindAddress 209.141.39.157
> ORPort 9001 IPv4Only
>
> Denny
>
> denny.obreham(a)a-n-o-n-y-m-e.net wrote ..
> > Thanks Marco.
> >
> > First, I had to change my ORPort to 9001 with your proposed configuration because
> > using 443 caused an error => "Could not bind to 0.0.0.0:443: Address already in
> > use. Is Tor already running?"
> > Probably because my other Tor instance (hidden service) is using it.
> >
> > Now I'm just waiting for the metrics to update to see if everything is as expected.
> >
> > Finally, thanks for the help with IPv6 because I cannot get it to work. Somehow
> > when I try to check IPv6 availability ( https://community.torproject.org/relay/setup/post-install/
> > ), I get "ping6: connect: Network is unreachable". I don't have time to set it
> > up right now (I already spent hours last week) so I'll get back to you for that.
> >
> > Denny
> >
> > lists(a)for-privacy.net wrote ..
> > > Hi denny,
> > >
> > > > Hi,
> > > >
> > > > I just activated my first exit relay. (
> > > > https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B
> > > > 5881B7D4C97C ) I had the following in my torrc (plus some other things):
> > >
> > > I've answered the rest to the list.
> > > If you want to enable IPv6 at Frantech/BuyVM:
> > >
> > > First create one in Stallion from your given subnet.
> > > This is what my /etc/network/interfaces looks like at Frantech
> > >
> > >
> > > # This file describes the network interfaces available on your system
> > > # and how to activate them. For more information, see interfaces(5).
> > >
> > > source /etc/network/interfaces.d/*
> > >
> > > # The loopback network interface
> > > auto lo
> > > iface lo inet loopback
> > >
> > > # The primary network interface
> > > allow-hotplug eth0
> > > iface eth0 inet static
> > > address 104.244.73.43/24
> > > gateway 104.244.73.1
> > > # dns-* options are implemented by the resolvconf package, if installed
> > > dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69
> > > dns-search for-privacy.net
> > >
> > > iface eth0 inet6 static
> > > address 2605:6400:0030:f78b::2/64
> > > up ip -6 route add 2605:6400:0030::1 dev eth0
> > > up ip -6 route add default via 2605:6400:0030::1
> > > down ip -6 route del default via 2605:6400:0030::1
> > > down ip -6 route del 2605:6400:0030::1 dev eth0
> > > dns-nameservers ::1 IPv6ns1 IPv6ns2
> > >
> > >
> > > --
> > > ╰_╯ Ciao Marco!
> > >
> > > Debian GNU/Linux
> > >
> > > It's free software and it gives you freedom!
Thanks Marco.
First, I had to change my ORPort to 9001 with your proposed configuration because using 443 caused an error => "Could not bind to 0.0.0.0:443: Address already in use. Is Tor already running?"
Probably because my other Tor instance (hidden service) is using it.
Now I'm just waiting for the metrics to update to see if everything is as expected.
Finally, thanks for the help with IPv6 because I cannot get it to work. Somehow when I try to check IPv6 availability ( https://community.torproject.org/relay/setup/post-install/ ), I get "ping6: connect: Network is unreachable". I don't have time to set it up right now (I already spent hours last week) so I'll get back to you for that.
Denny
lists(a)for-privacy.net wrote ..
> Hi denny,
>
> > Hi,
> >
> > I just activated my first exit relay. (
> > https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B
> > 5881B7D4C97C ) I had the following in my torrc (plus some other things):
>
> I've answered the rest to the list.
> If you want to enable IPv6 at Frantech/BuyVM:
>
> First create one in Stallion from your given subnet.
> This is what my /etc/network/interfaces looks like at Frantech
>
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug eth0
> iface eth0 inet static
> address 104.244.73.43/24
> gateway 104.244.73.1
> # dns-* options are implemented by the resolvconf package, if installed
> dns-nameservers 127.0.0.1 107.189.0.68 107.189.0.69
> dns-search for-privacy.net
>
> iface eth0 inet6 static
> address 2605:6400:0030:f78b::2/64
> up ip -6 route add 2605:6400:0030::1 dev eth0
> up ip -6 route add default via 2605:6400:0030::1
> down ip -6 route del default via 2605:6400:0030::1
> down ip -6 route del 2605:6400:0030::1 dev eth0
> dns-nameservers ::1 IPv6ns1 IPv6ns2
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
Hi,
I just activated my first exit relay. ( https://metrics.torproject.org/rs.html#details/3B85067588C3F017D5CCF7D8F65B… ) I had the following in my torrc (plus some other things):
SocksPort 0
ControlPort 9052
ORPort 209.141.39.157:443
I have 2 IPs on my server and I wanted Tor to use 209.141.39.157. I thought setting it with ORPort would suffice. But under "Exit Addresses" in the metrics it was my other IP. So I added the following in my torrc:
Address 209.141.39.157
OutboundBindAddress 209.141.39.157
And now I have both IPs in the "Exit Addresses". How can I prevent my exit relay from using the other IP? Note that I have also another instance of Tor running a hidden service that I intended to run on the other IP.
Denny
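A way to run the "Exit Addresses" check from this thread against Onionoo data rather than by eye, as an added example that is not part of the original messages. It reads the `or_addresses` and `exit_addresses` fields of an Onionoo details document; the sample document, its all-zero fingerprint and 192.0.2.10 (standing in for the second IP) are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like an Onionoo "details" document; the
# fingerprint is a placeholder and 192.0.2.10 stands in for the second IP.
SAMPLE_DETAILS = json.loads("""
{
  "relays": [
    {
      "nickname": "ExampleExit",
      "fingerprint": "0000000000000000000000000000000000000000",
      "or_addresses": ["209.141.39.157:9001"],
      "exit_addresses": ["209.141.39.157", "192.0.2.10"]
    }
  ]
}
""")


def split_or_address(value):
    """Return the IP part of an or_addresses entry (IPv6 is bracketed)."""
    host, _, _port = value.rpartition(":")
    return ipaddress.ip_address(host.strip("[]"))


def audit_relay(relay, intended):
    """Compare the addresses reported for one relay with the intended one."""
    want = ipaddress.ip_address(intended)
    or_ips = {split_or_address(a) for a in relay.get("or_addresses", [])}
    # exit_addresses is omitted from the document when it is empty.
    exit_ips = {ipaddress.ip_address(a) for a in relay.get("exit_addresses", [])}
    return {
        "unexpected_or": sorted(str(a) for a in or_ips - {want}),
        "unexpected_exit": sorted(str(a) for a in exit_ips - {want}),
        "intended_seen_as_exit": want in exit_ips,
    }


def audit_document(doc, intended):
    """Audit every relay in a details document, keyed by fingerprint."""
    return {r["fingerprint"]: audit_relay(r, intended) for r in doc.get("relays", [])}


if __name__ == "__main__":
    print(json.dumps(audit_document(SAMPLE_DETAILS, "209.141.39.157"), indent=2))
```

Onionoo lists exit addresses seen over the past 24 hours, so an address can still appear for up to a day after the configuration that stopped using it was loaded.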
Hello everyone!
As indicated on the last relay operator meetup we were close to
re-launching the Tor Weather service. Now, after fixing a bunch of
last-minute issues and double-checking everything is working we can
finally announce that the newly designed Tor Weather service is ready
for public usage.
Feel free to try it out at https://weather.torproject.org and help
improve it!
For those not knowing what this service is about: Tor Weather is
offering subscriptions to keep track of the well-being of relays. Right
now, after registering an account, one can get an e-mail notification in
case a relay goes down or loses some flags or goes below a certain
amount of observed bandwidth. The idea is to help operators in managing
their relays that way and showing them their contribution to our project
is much appreciated.
There are many more things we can potentially offer subscriptions for,
like getting notifications for upcoming relay operator meetups, having
earned a Tor t-shirt, new relay requirements, running outdated Tor
versions... You can find a current list of ideas in our bug tracker[1];
feel free to add missing ones and pick up issues to work on. This is a
free software project after all. :)
We see Tor Weather as an investment into our relay operator community
and think it will be useful in the future to help grow and
strengthen our community, which is very exciting.
Finally, I'd like to give a big shout-out to Sarthik Gupta who did all
the heavy-lifting and re-wrote Tor Weather during last year's Google
Summer of Code and keeps improving it. Additionally, kez from our
sysadmin team was invaluable in getting all the different pieces set up
and running on our infrastructure.
Thanks as well to all the volunteers, like nusenu, who contributed with
ideas and feedback over the years which convinced us that Tor Weather is
a worthwhile tool to invest time and energy in again.
Georg
[1] https://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues
Hello tor-relays,
We are using Ubuntu server currently for our exit relays. Occasionally, exit throughput will drop from ~4Gbps down to ~200Mbps and the only observable data point that we have is a significant increase in inet_csk_bind_conflict, as seen via 'perf top', where it will hit 85% [kernel] utilization.
A while back we thought we solved this with two /etc/sysctl.conf settings:
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
However we are still experiencing this problem.
Both of our (currently, two) relay servers suffer from the same problem, at the same time. They are AMD Epyc 7402P bare-metal servers each with 96GB RAM, each has 20 exit relays on them. This issue persists after upgrading to 0.4.7.11.
Screenshots of perf top are shared here: https://digitalcourage.social/@EmeraldOnion/109440197076214023
Does anyone have experience troubleshooting and/or fixing this problem?
Cheers,
--
Christopher Sheats (yawnbox)
Executive Director
Emerald Onion
Signal: +1 206.739.3390
Website: https://emeraldonion.org/
Mastodon: https://digitalcourage.social/@EmeraldOnion/
Hi,
So my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1…
says it has “none”, though the torrc file has it set to be distributed
publicly. I'm wondering why the bridge would say that, when it obviously is
being used as it's apparently blocked in Russia? I have not personally
given the bridge to anyone. Thanks.
--Keifer
My node is overloaded with connections. Conntrack.sh shows count: 65535. By
far the majority (50k+) are to/from my own IP. This sometimes makes my node
unreachable. And now it is reporting the StaleDesc flag.
There is nothing else running on this node (except bind9). I've already set
up tor-ddos. What else can I do?
--
Jeff Teitel
e-Mail: Jeff(a)Teitel.net
Mobile: +1-202-271-1238
(he/his)
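A way to break down a full conntrack table like the one described in the last message, as an added example that is not part of the original post. It assumes the text format printed by `conntrack -L`; the sample entries are constructed, with 198.51.100.7 standing in for the node's own IP.

```python
from collections import Counter

# Constructed sample in the format printed by `conntrack -L`; addresses are
# documentation ranges, with 198.51.100.7 standing in for the node's own IP.
SAMPLE = """\
tcp      6 431987 ESTABLISHED src=203.0.113.5 dst=198.51.100.7 sport=51512 dport=9001 src=198.51.100.7 dst=203.0.113.5 sport=9001 dport=51512 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=198.51.100.7 dst=198.51.100.7 sport=40122 dport=53 src=198.51.100.7 dst=198.51.100.7 sport=53 dport=40122 [ASSURED] mark=0 use=1
udp      17 12 src=198.51.100.7 dst=198.51.100.7 sport=51001 dport=53 [UNREPLIED] src=198.51.100.7 dst=198.51.100.7 sport=53 dport=51001 mark=0 use=1
tcp      6 110 SYN_SENT src=198.51.100.7 dst=192.0.2.80 sport=38000 dport=443 [UNREPLIED] src=192.0.2.80 dst=198.51.100.7 sport=443 dport=38000 mark=0 use=1
"""


def parse_entry(line):
    """Return proto, state and the original-direction tuple of one entry."""
    fields = line.split()
    if len(fields) < 4:
        return None
    # TCP entries carry a state word after the timeout; UDP entries do not.
    state = fields[3] if "=" not in fields[3] else "-"
    orig = {}
    for token in fields:
        key, sep, value = token.partition("=")
        # Keep only the first src/dst/dport: that is the original direction.
        if sep and key in ("src", "dst", "dport") and key not in orig:
            orig[key] = value
    if len(orig) != 3:
        return None
    return fields[0], state, orig["src"], orig["dst"], orig["dport"]


def summarize(text, own_ip):
    """Count entries by direction relative to own_ip, and self-to-self flows by port."""
    direction, self_flows = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, state, src, dst, dport = entry
        if src == own_ip and dst == own_ip:
            direction["self"] += 1
            self_flows[(proto, dport, state)] += 1
        elif src == own_ip:
            direction["outbound"] += 1
        elif dst == own_ip:
            direction["inbound"] += 1
        else:
            direction["other"] += 1
    return direction, self_flows
```

`self_flows.most_common()` shows which local service port and connection state account for the entries where both ends are the node's own address.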