I still can't make the relay function work, I'd really like to contribute by participating as a relay.

I believe my router's port forwarding is set up correctly. My ufw firewall is disabled. My router shows port forwarding set to the proper IP address for my computer and there is an entry for port 9001 and port 9030, which are custom entries I set up for Tor.

I have screen captures for the router pages showing details of the router port forwarding setup, but probably shouldn't send them via the list as attachments. I'll email them to anyone who would like to see them, please send me a request OFF-LIST.

TIA,

Art



On 03/20/2013 02:01 AM, Matt Joyce wrote:
On 20/03/13 03:43, Lance Hathaway wrote:
On 19/03/2013 6:23 PM, Art wrote:
On 03/19/2013 03:43 PM, Stephen Mollett wrote:
 it Hi,


On Tuesday, 19 March 2013 at 13:57, Art <ky1k@myfairpoint.net> wrote:

I entered 9001 in the Global PortStart box andthe other empty boxes 
on the setup page are Global PortEnd
and Base HostPort. What values do I put in the Global PortEnd and Base HostPort boxes????
If your router's config works anything like my Thomson one, you probably need to put 9001 in Global PortEnd (so it forwards ports 9001-9001, i.e. just the one port) and 9001 in the Base HostPort, meaning that it should forward incoming connections on port 9001 to port 9001 on the machine running your relay. (This style of configuration interface allows you to do other, more complex, stuff like, say, forwarding incoming ports 1234-1240 to a block of ports on your PC starting at 7654, for example - you would set Global PortStart to 1234, Global PortEnd to 1240 and Base HostPort to 7654.)

You may have to add a separate service for port 9030 if the router doesn't allow you to have more than one port range for a single service.

Hope this helps.


Stephen


Hi Stephen and the group,

I think the error mentioned earlier is not significant.

The router says it's firewall setting is running without any
protection being provided, which means no ports are blocked.

However, when I try to run a relay, it does not work.

Below is the message file, which shows the failure mode.

I do run the ufw firewall, but I disabled it (sudo ufw disable) so
the ufw firewall shouldn't be blocking any ports either.

I'm at a loss-

I am running Xubuntu 12.10 in a homebuilt (late model) Asus
motherboard with lots of ram and an FX6100 processor.

Are there any other parameters or settings to look at/check??


Mar 19 20:30:05.977 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65)
running on Linux.
Mar 19 20:30:05.978 [Notice] Tor can't help you if you use it wrong!
Learn how to be safe at
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

https://www.torproject.org/download/download#warning
Mar 19 20:30:05.978 [Notice] Read configuration file
"/home/artie/tor-browser_en-US/App/../Data/Tor/torrc".
Mar 19 20:30:05.978 [Notice] Initialized libevent version
2.0.21-stable using method epoll (with changelist). Good.
Mar 19 20:30:05.978 [Notice] Opening Socks listener on 127.0.0.1:9150
Mar 19 20:30:05.978 [Notice] Opening Control listener on 127.0.0.1:9151
Mar 19 20:30:05.978 [Notice] Opening OR listener on 0.0.0.0:9001
Mar 19 20:30:07.416 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
Mar 19 20:30:07.416 [Notice] No AES engine found; using AES_* functions.
Mar 19 20:30:07.416 [Notice] This OpenSSL has a good implementation
of counter mode; using it.
Mar 19 20:30:07.416 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks
like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Mar 19 20:30:07.416 [Notice] Your Tor server's identity key
fingerprint is 'GIOTOR F5DA739B206D8B5ED45FDBD236E8064989B0E015'
Mar 19 20:30:07.416 [Notice] Reloaded microdescriptor cache.  Found
3584 descriptors.
Mar 19 20:30:07.416 [Notice] We now have enough directory information
to build circuits.
Mar 19 20:30:07.416 [Notice] Bootstrapped 80%: Connecting to the Tor
network.
Mar 19 20:30:07.417 [Notice] New control connection opened.
Mar 19 20:30:08.119 [Notice] Heartbeat: Tor's uptime is 0:00 hours,
with 4 circuits open. I've sent 0 kB and received 0 kB.
Mar 19 20:30:08.177 [Notice] Bootstrapped 85%: Finishing handshake
with first hop.
Mar 19 20:30:08.506 [Notice] Bootstrapped 90%: Establishing a Tor
circuit.
Mar 19 20:30:10.050 [Notice] Guessed our IP address as 71.241.197.41
(source: 31.172.30.1).
Mar 19 20:30:10.892 [Notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Mar 19 20:30:10.892 [Notice] Bootstrapped 100%: Done.
Mar 19 20:30:10.893 [Notice] Now checking whether ORPort
71.241.197.41:9001 is reachable... (this may take up to 20 minutes --
look for log messages indicating success)
Mar 19 20:30:16.131 [Notice] Our directory information is no longer
up-to-date enough to build circuits: We have only 1843/3251 usable
descriptors.
Mar 19 20:30:16.131 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
1843/3251 usable descriptors.
Mar 19 20:30:17.809 [Notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Mar 19 20:30:17.809 [Notice] Now checking whether ORPort
71.241.197.41:9001 is reachable... (this may take up to 20 minutes --
look for log messages indicating success)
Mar 19 20:30:23.808 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
1939/3251 usable descriptors.
Mar 19 20:30:27.973 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
2035/3251 usable descriptors.
Mar 19 20:30:29.109 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
2131/3251 usable descriptors.
Mar 19 20:30:29.887 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
2227/3251 usable descriptors.
Mar 19 20:30:30.317 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
2293/3251 usable descriptors.
Mar 19 20:30:31.484 [Notice] I learned some more directory
information, but not enough to build a circuit: We have only
2389/3251 usable descriptors.
Mar 19 20:30:32.027 [Notice] We now have enough directory information
to build circuits.
*Mar 19 20:50:09.088 **[Warning] Your server (71.241.197.41:9001) has
not managed to confirm that its ORPort is reachable. Please check
your firewalls, ports, address, /etc/hosts file, etc.**
*
TIA,

Art
Hi Art,

Even if your router's firewall is not blocking anything, you probably
still have to forward ports to bypass the router's NAT.

 -Lance
Lance is correct, unless you have the router running in bridged mode
giving your internal machines a valid external IP address it will be
running NAT and thus nothing is accessible from the outside without a
forwarding rule.  It almost invariably will not be in bridged mode
unless configured that way separately so if you arn't sure what that is
then you will no doubt need the rule.