tor-relays

tor-relays@lists.torproject.org

36 participants
4815 discussions

Leaseweb exit relay notice
by blaatenator 21 May '15

21 May '15

Hi all, FYI: Yesterday I got the notice below from Leaseweb. I picked them because Leaseweb is mentioned in the Good/Bad ISP <https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs> post. Apparently a blacklist named SECTOOR added a whole IP block of Leaseweb to block my Exit relay. Since this list is used by some bigger corporations, it got some other customers in trouble and they asked me to restrict the mentioned ports. I understand the reasoning and can't blame them for asking my I guess (and since most relevant ports are not mentioned I guess it is not too bad), but I found it a bit weird that a whole subnet is being listed. On 05/20/2015 03:20 PM, Lesley Koomen wrote:> Dear sir, madam, > > It appears you are hosting a TOR node on your LeaseWeb IP address. > This has resulted in the block of a (part) LeaseWeb IP subnet. (/24) > As the subnet is added on the SECTOOR blacklist > (http://www.sectoor.de/tor.php) this is affecting customers in the same > range as yourself. > > The SECTOOR blacklist is e.g. implemented by Hotmail, Live and Gmail. > This results in other customers not being able to longer use the mail > services of these companies. > Sectoor TOR DNSBL lists every IP address which is known to run a tor > server and allow their clients to connect to one of the following ports: > > * Port 25 > * Port 194 > * Port 465 > * Port 587 > * Port 994 > * Port 6657 > * Ports 6660-6670 > * Port 6697 > * Ports 7000-7005 > * Port 7070 > * Ports 8000-8004 > * Port 9000 > * Port 9001 > * Port 9998 > * Port 9999 > > > Therefore, we kindly, yet urgently ask you to disable the connection to > the mentioned ports within 24 hours. Failure to comply and respond > (confirm) to this warning, will result in a block of your involved IP > address(es). > > Thank you for your co-operation and understanding. > > > > Kind regards, > > Lesley Koomen > Team Manager Abuse Prevention

8 10

HOWTO: deliver tor-exit-notice_DE.html over ipv6 port 80 too
by Toralf Förster 21 May '15

21 May '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 B/c ipv6 of Tor implements currently no DirPort I copied+pasted together the following solution to deliver a Tor exit notice over HTTP port of ipv6 too : The python snippet runs under a non-privileged user w/o login shell : $ cat ipv6-httpd.py import socket from BaseHTTPServer import HTTPServer from SimpleHTTPServer import SimpleHTTPRequestHandler class MyHandler(SimpleHTTPRequestHandler): def do_GET(self): return SimpleHTTPRequestHandler.do_GET(self) class HTTPServerV6(HTTPServer): address_family = socket.AF_INET6 def main(): server = HTTPServerV6(('::', 8181), MyHandler) server.serve_forever() if __name__ == '__main__': main() The ip6table rules to redirect fort 80 from outside to the local non-privileged port : from=80 to=8181 $IPT -t nat -A PREROUTING -i enp3s0 -p tcp -m tcp --destination-port $from -j REDIRECT --to-ports $to $IPT -A INPUT -p tcp -m tcp --destination-port $to -j ACCEPT And finally the script to start it during boot : $> cat /home/simplehttp/ipv6-httpd.sh #!/bin/sh # d=$(mktemp -d /tmp/XXXXXX) &&\ cd $d &&\ cp /etc/tor/tor-exit-notice_DE.html ./index.html &&\ nice python ~/ipv6-httpd.py 1>./log 2>&1 :-) - -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlVeC48ACgkQxOrN3gB26U59HwD8CwnBIpZOkq8tN01ciWsZQh7c FO42AGmkkhCI/CbucnYA/j3zSq1wJzuHgMdWZUbQCQvHt+KEYkobdNkcHqkK3mWE =FA7E -----END PGP SIGNATURE-----

1 1

[warn] Tried to establish rendezvous on non-OR or non-edge circuit.
by Cmar433 21 May '15

21 May '15

Hi people .. i yesterday started IPV6 but now i see in log following messages periodically part of my torrc below. I only add ipv6 lines. Any idea ? or its normal ? Thanks Cmar ORPort 37.157.192.208:443 ORPort [2a02:2b88:2:1::3a62:1]:9050 ## If you want to listen on a port other than the one advertised in ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as ## follows. You'll need to do ipchains or other port forwarding ## yourself to make this work. #ORPort 443 NoListen #ORPort 127.0.0.1:9090 NoAdvertise ## The IP address or full DNS name for incoming connections to your ## relay. Leave commented out and Tor will guess. Address 37.157.192.208 ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. OutboundBindAddress 37.157.192.208 info from log: May 19 22:42:03.000 [notice] Average packaged cell fullness: 99.082% May 19 22:42:03.000 [notice] TLS write overhead: 3% May 19 22:42:03.000 [notice] Circuit handshake stats since last time: 118791/118793 TAP, 161141/161141 NTor. May 19 23:13:45.000 [warn] Tried to establish rendezvous on non-OR or non-edge circuit. May 20 03:08:03.000 [warn] Tried to establish rendezvous on non-OR or non-edge circuit. May 20 03:33:54.000 [warn] Tried to establish rendezvous on non-OR or non-edge circuit. May 20 04:42:03.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 4375 circuits open. I've sent 211.07 GB and received 203.24 GB.

3 2

BWauth kookiness
by starlight.2015q2＠binnacle.cx 20 May '15

20 May '15

Some possible fallout related to the earlier discussion [tor-relays] amount of unmeasured relays continuously rising since 2 weeks https://lists.torproject.org/pipermail/tor-relays/2015-May/007003.html My relay Binnacle 4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2 has 9375 Kbyte (75 Mbit) of unfuzzy (no ISP traffic shaping) bandwidth, but in the last few days the BWAuths' opinion went from # gabelmoo # tor26 # moria1 # longclaw bw1-w Bandwidth=7382 Measured=7100 *bw2-w Bandwidth=7382 Measured=9330 bw3-w Bandwidth=7382 Measured=13700 GuardFraction=69 bw4-w Bandwidth=7382 Measured=23700 to bw1-w Bandwidth=9375 Measured=17100 bw3-w Bandwidth=9375 Measured=77900 GuardFraction=75 *bw4-w Bandwidth=9375 Measured=23000 * selected for consensus While it's flattering to be promoted to double the actual capacity, with the potential to go 8x, I suspect it's may not a great idea in the grand scheme of things. And to think at one time I was feeling short-changed. . . FYI BWauths Regards

2 2

Tor Consensus Weight Stuck at 20 (Even on Relay with "Stable" Flag)
by Neel Chauhan 19 May '15

19 May '15

Hi, I have a Tor relay (https://atlas.torproject.org/#details/342587A287603040A49BB364D72EAC0B6BC3D…) running from a FreeBSD server at my house on with a 5 megabit upstream connection. I have seen that lately, Tor's "Consensus Weight" value on this relay has not been going anywhere above (or below) 20. My relay has gotten the "Stable" flag, but yet didn't see it's consensus weight value rise. I decided to look at https://consensus-health.torproject.org/, and saw that two of the four bandwidth consensus servers, namely tor26 (86.59.21.38) and longclaw (199.254.238.52) don't seem to be calculating any consensus value for Tor relays in the last few days. Has anyone else been having this problem? And if the Tor consensus operators are reading this, (approximately) when would this problem get resolved? Thanks, Neel Chauhan

8 17

Tor relay/btc node script
by torelay 18 May '15

18 May '15

I've written my first script. It is to automate the process of setting up a tor relay/bridge (published or not) and a bitcoin full node (with hidden service url and/or clearnet ip) on a fresh debian os. The script is at https://github.com/mktx-code/relay-node. To write it I used a combination of the sky-ip tuts and random github codes for syntax and structuring. Please give me any comments criticisms. Appreciated.

2 1

Re: [tor-relays] Windows Tor Server Guide
by Ben Serebin 18 May '15

18 May '15

Hi there... 1st post (I figured after years of donating to EFF, I should run a tor relay). I've searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins. - is a web server needed? - the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir? - before I load it as a service, once all files and config the "torrc" can I just launch the tor.exe and then test it's working? - is this the only way to run a relay on Windows? Hoping there's a special approach to simplify the process (now I know why there aren't more of them). Thanks, -Ben Rafael Rodriguez rafaelr at icctek.com Wed Nov 5 00:47:46 UTC 2014 Previous message: [tor-relays] Windows Tor Server Guide Next message: [tor-relays] Windows Tor Server Guide Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Hi, here is it. Please, feel free to contribute to it. RUNNING A TOR SERVER IN WINDOWS - Download latest Tor Browser Bundle. - Install to c:tor - Create a temporary folder on your Desktop and name it "server". - Copy all files from C:TorBrowserTorBrowserDataTor to the "server" folder on the Desktop. - Browse to C:TorBrowserTorBrowserTor; delete the folder "PluggableTransports" and it content. - Copy all files from C:TorBrowserTorBrowserTor to the "server" folder on the Desktop. - Browse to C:Tor and delete everything inside that folder. C:Tor should be completely empty at this point. - Move all files from the "server" folder on your Desktop to C:Tor - Browse to C:Tor and create a new folder named "datadir". - Create a new text file in C:Tor named "notices" (I myself use notices.log but we want to keep it simple for users who may not know how to change the file extension from .txt to .log) - EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all its comments). Note that the sample below is just for references. Each user needs to define her/his own parameters based on their own needs and that's impossible for me to cover in a single file for everyone. Hence, each parameter should be included in the torrc-defaults with due comments to be used as reference. Also, noted that I'm using IPv4 geoip by default. Users using IPv6 should define geoip6 in their torrc file. Then again, I cannot use a single sample file for all deployments. The defaults file should be used as reference once again. DATADIRECTORY .DATADIR LOG NOTICE FILE .NOTICES.TXT GEOIPFILE .GEOIP AvoidDiskWrites 1 SocksPort 0 ORPort 9001 DirPort 9030 ExitPolicy reject *:* Nickname RelayBandwidthRate RelayBandwidthBurst Up until this point, all I've written is nothing more than using the default Tor Bundle to create a "Server" package. All steps above could be made easier for users if a "Tor Windows Server" package was available for download on the Tor Project or somewhere else. I refuse the idea of creating such package myself to distribute it since many packages could start floating on the net and bad intentioned people could bundle them with arbitrary code, viruses and so on. A Windows Installer package can be built for distribution though. Next, I will address the two main things we need to run tor as a Windows service (server): 1- Install Tor as Windows Service. 2- Security (Isolating the Tor service). INSTALL TOR AS WINDOWS SERVICE I personally use nssm [2] (Non-Sucking Service Manager) myself to register the service but feel free to use default Windows tools for registering Tor service if you believe so. Anyways, irrespective the tool used to register the Tor service, we just need the following: Service: C:Tortor.exe Name: TorServer Parameters: -f C:Tortorrc Start the TorServer service and everything should just work at this point. The datadir directory will be populated with tor files once started and the notices.txt file will also reflect so. SECURITY (Quick explanation - We can go into details later) - Create a Standard user account and name it Tor with a strong password. - Policies: 1- Deny access to this computer from the network 2- Deny log on locally 3- Deny log on through Remote Desktop Services - NTFS Permissions for Tor windows user account: 1- Read/Write permissions to datadir folder 2- Read/Write permissions to notices.txt or (notices.log) file - Open Services, Start -> Run -> type "services.msc" without quotes, press enter and your Services window will pop up. Scroll down and find the TorServer service and double click it. Move to the LOG ON tab and set the "Log on as: This account: .TOR. Enter the strong password for the Tor user account in the password field and apply changes. Restart the service and now Tor will be running in its own isolated/limited account in Windows.

2 3

Job for tor.service failed.
by tor-server-creator＠use.startmail.com 14 May '15

14 May '15

hi there. 0.2.5.12 on debian jessie: "service tor reload" causes message: "Job for tor.service failed. See 'systemctl status tor.service' and 'journalctl -xn' for details." it says something like "failed to start LSB"? any advice for me please? cheers

3 3

Authdir is rejecting routers in this range
by Tim Semeijn 13 May '15

13 May '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In my venture to find more ISPs to house Tor Exit nodes I have recently set up a node in Switzerland (Private Layer - 179.43.160.41). When running Tor 6 out of 9 Authdirs are rejecting the node: - ---- May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '86.59.21.38:80'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '131.188.40.189:80'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '171.25.193.9:443'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '208.83.223.34:443'. Please correct. May 12 20:31:02.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '199.254.238.52:80'. Please correct. May 12 20:32:04.000 [warn] http status 400 ("Authdir is rejecting routers in this range.") response from dirserver '154.35.175.225:80'. Please correct. - ---- I looked through the mailing lists and blog posts to find out if this range was mentioned somewhere to see why it gets rejected but I could not find anything. Can anyone shed some light on why this range would be blocked and if there is any chance it will get accepted again in the near future? Best regards, - -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVUloCAAoJEIZioqpbik3fc/UQAKWstydq4S2OjRko7jhd1oXS kcde4a39nk1lvB/YtHCZJtHVkyypnLbdjmvPlcVSIk3Qqaj/40lu05caWThq5ZgI y90SEnumUHaWslYtKVUAFmgQAXv7lkAs6Svf3ZxZ9PT+NQMpWhyrrlmJ2hakF01Q /z46NU9YhL2dqCXG/w75gmrP87aYZ/2jOMIEZxi4ZIp6OlJXIGoaI8lCQrYWFstH zuC1JDnPwgGhqnB//JBKilrwEalk/kXZDodWpHvllUDqywvn1OOn/Do2JRETqxuV czVy7Ez/s19fk1ltWZyblDS6xsT0gYowH3c0zYovY/s0G1Y7KD50Jr1MEVpiv19/ 9NBHErEUEec8C+h6UoiSXoDKg5Q999uEtMJNJ0/AzlvyWN3+eXtNc/XmBpxzbIGR gQ+w30vyQNwXJFZkpq0wGIXSbXWpsgKYyxNRnokCNFx/AQpjGFUBauXDj5EcpzXJ m3on4LHH9IYbek3EKjhivJ2MjK5lRfjtINtoBx8nanliOY21Pf9js+bAxDFhorhZ wFdijEVGvoUlu/SWOlEuaQlNSBoVXxqBQQo/MVSgJpMUNRngshQslg9qI42Bd5Pn pxJ44X161/PUdChWc6hQ01dAXLNFR07+1OT/9vnSRBaaHFsstU3gI99hFZ1chhps BK+QwwxupISJchliUZZ1 =nWDs -----END PGP SIGNATURE-----

2 1

Port configuration on non-exit relay
by aredocilla＠gmail.com 13 May '15

13 May '15

Hi all, I'm running a non-exit on Amazon EC2. I followed the (out-of-date) docs online (which are no longer online!), which instructed me to open the following inbound ports in the security policy: 52176, 40872, 22, 443. Obviously 22 is for SSH, and 443 seems to be the standard choice for ORPort. What are the other two for? They don't seem to be used; should I disable them? The other thing is: I've enabled obfsproxy with obfs3 and obfs4 bound to different ports on 0.0.0.0: ServerTransportListenAddr obfs3 0.0.0.0:587 ServerTransportListenAddr obfs4 0.0.0.0:80 Is that optimal? Presumably also: - I should add additional lines for listening on [::] on the same ports to enable ipv6 obfsproxy connections; - I should also open these ports in the security policy? Best wishes, allicoder -- PGP key available on request

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays