I still can't make the relay function work, I'd really like to contribute by participating as a relay.
I believe my router's port forwarding is set up correctly. My ufw firewall is disabled. My router shows port forwarding set to the proper IP address for my computer and there is an entry for port 9001 and port 9030, which are custom entries I set up for Tor.
I have screen captures for the router pages showing details of the router port forwarding setup, but probably shouldn't send them via the list as attachments. I'll email them to anyone who would like to see them, please send me a request OFF-LIST.
TIA,
Art
On 03/20/2013 02:01 AM, Matt Joyce wrote:
On 20/03/13 03:43, Lance Hathaway wrote:
On 19/03/2013 6:23 PM, Art wrote:
On 03/19/2013 03:43 PM, Stephen Mollett wrote:
it Hi,
On Tuesday, 19 March 2013 at 13:57, Art ky1k@myfairpoint.net wrote:
I entered 9001 in the Global PortStart box andthe other empty boxes
on the setup page are Global PortEnd
and Base HostPort. What values do I put in the Global PortEnd and Base HostPort boxes????
If your router's config works anything like my Thomson one, you probably need to put 9001 in Global PortEnd (so it forwards ports 9001-9001, i.e. just the one port) and 9001 in the Base HostPort, meaning that it should forward incoming connections on port 9001 to port 9001 on the machine running your relay. (This style of configuration interface allows you to do other, more complex, stuff like, say, forwarding incoming ports 1234-1240 to a block of ports on your PC starting at 7654, for example - you would set Global PortStart to 1234, Global PortEnd to 1240 and Base HostPort to 7654.)
You may have to add a separate service for port 9030 if the router doesn't allow you to have more than one port range for a single service.
Hope this helps.
Stephen
Hi Stephen and the group,
I think the error mentioned earlier is not significant.
The router says it's firewall setting is running without any protection being provided, which means no ports are blocked.
However, when I try to run a relay, it does not work.
Below is the message file, which shows the failure mode.
I do run the ufw firewall, but I disabled it (sudo ufw disable) so the ufw firewall shouldn't be blocking any ports either.
I'm at a loss-
I am running Xubuntu 12.10 in a homebuilt (late model) Asus motherboard with lots of ram and an FX6100 processor.
Are there any other parameters or settings to look at/check??
Mar 19 20:30:05.977 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Linux. Mar 19 20:30:05.978 [Notice] Tor can't help you if you use it wrong! Learn how to be safe at _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
https://www.torproject.org/download/download#warning Mar 19 20:30:05.978 [Notice] Read configuration file "/home/artie/tor-browser_en-US/App/../Data/Tor/torrc". Mar 19 20:30:05.978 [Notice] Initialized libevent version 2.0.21-stable using method epoll (with changelist). Good. Mar 19 20:30:05.978 [Notice] Opening Socks listener on 127.0.0.1:9150 Mar 19 20:30:05.978 [Notice] Opening Control listener on 127.0.0.1:9151 Mar 19 20:30:05.978 [Notice] Opening OR listener on 0.0.0.0:9001 Mar 19 20:30:07.416 [Notice] Parsing GEOIP file ./Data/Tor/geoip. Mar 19 20:30:07.416 [Notice] No AES engine found; using AES_* functions. Mar 19 20:30:07.416 [Notice] This OpenSSL has a good implementation of counter mode; using it. Mar 19 20:30:07.416 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation Mar 19 20:30:07.416 [Notice] Your Tor server's identity key fingerprint is 'GIOTOR F5DA739B206D8B5ED45FDBD236E8064989B0E015' Mar 19 20:30:07.416 [Notice] Reloaded microdescriptor cache. Found 3584 descriptors. Mar 19 20:30:07.416 [Notice] We now have enough directory information to build circuits. Mar 19 20:30:07.416 [Notice] Bootstrapped 80%: Connecting to the Tor network. Mar 19 20:30:07.417 [Notice] New control connection opened. Mar 19 20:30:08.119 [Notice] Heartbeat: Tor's uptime is 0:00 hours, with 4 circuits open. I've sent 0 kB and received 0 kB. Mar 19 20:30:08.177 [Notice] Bootstrapped 85%: Finishing handshake with first hop. Mar 19 20:30:08.506 [Notice] Bootstrapped 90%: Establishing a Tor circuit. Mar 19 20:30:10.050 [Notice] Guessed our IP address as 71.241.197.41 (source: 31.172.30.1). Mar 19 20:30:10.892 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working. Mar 19 20:30:10.892 [Notice] Bootstrapped 100%: Done. Mar 19 20:30:10.893 [Notice] Now checking whether ORPort 71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) Mar 19 20:30:16.131 [Notice] Our directory information is no longer up-to-date enough to build circuits: We have only 1843/3251 usable descriptors. Mar 19 20:30:16.131 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 1843/3251 usable descriptors. Mar 19 20:30:17.809 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working. Mar 19 20:30:17.809 [Notice] Now checking whether ORPort 71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success) Mar 19 20:30:23.808 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 1939/3251 usable descriptors. Mar 19 20:30:27.973 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 2035/3251 usable descriptors. Mar 19 20:30:29.109 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 2131/3251 usable descriptors. Mar 19 20:30:29.887 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 2227/3251 usable descriptors. Mar 19 20:30:30.317 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 2293/3251 usable descriptors. Mar 19 20:30:31.484 [Notice] I learned some more directory information, but not enough to build a circuit: We have only 2389/3251 usable descriptors. Mar 19 20:30:32.027 [Notice] We now have enough directory information to build circuits. *Mar 19 20:50:09.088 **[Warning] Your server (71.241.197.41:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.**
TIA,
Art
Hi Art,
Even if your router's firewall is not blocking anything, you probably still have to forward ports to bypass the router's NAT.
-Lance
Lance is correct, unless you have the router running in bridged mode giving your internal machines a valid external IP address it will be running NAT and thus nothing is accessible from the outside without a forwarding rule. It almost invariably will not be in bridged mode unless configured that way separately so if you arn't sure what that is then you will no doubt need the rule.