On 31 Jan 2017, at 02:46, gustavo panizzo (gfa) gfa@zumbi.com.ar wrote:
Please send us your actual torrc:
that's my actual torrc, I've only edited HashedControlPassword
Then please reload your torrc so that your tor process is using it.
What I meant to say is that I edited HashedControlPassword on the email
What I need to know is whether the torrc you provided is actually the one being used by tor.
- your torrc has a DirPort, but your relay on atlas does not
(this might be because you have a bandwidth limit set)
- your torrc says IPv6Exit, but your relay on atlas does not exit to
IPv6
Port is open, tor is listening. no fw rules for IPv6
That's the ORPort, an entry port.
You are right, tor wasn't listening on the DirPort on IPv6. I've fixed that a few hours ago.
No tor version or role uses the IPv6 DirPort, and it's a pain to configure.
You say you have IPv6Exit and an ExitPolicy set in the torrc.
I have exit rules for both, same rules apply to both protocols. An tor knows it
Tor[22587]: tor_addr_parse_mask_ports(): '*:6881-6999' expands into rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
Tor[22587]: tor_addr_parse_mask_ports(): '*:*' expands into rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
But if your ExitPolicy starts by rejecting IPv6 (as it does when IPv6Exit is not set), none of these rules will ever be used.
But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy Summary) and your relay's descriptor (ipv6-policy) show that it does not allow any IPv6 ports:
https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677...
(large file) https://collector.torproject.org/recent/relay-descriptors/server-descriptors...
Either that, or there is a bug in Tor relating to IPv6 Exit policies. But I can't see anywhere in the code that makes the IPv6 exit policy dependent on anything except ExitPolicy and IPv6Exit.
Are there any log entries relating to IPv6 or exit policies?
See above
Your relay still does not exit to IPv6. This looks like it might be a tor bug, we're looking into it.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------