Check your firewall, and gateway port forwards if the server is behind a NAT. If you're not sure where to start, post the output of "sudo iptables -L"
--Sean
I've made several iptables and saved them, I thought, however every time I reboot the VPS all my rules are gone.

~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

but: cat /etc/iptables.rules
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*raw
:PREROUTING ACCEPT [2424:210831]
:OUTPUT ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*nat
:PREROUTING ACCEPT [229:8057]
:POSTROUTING ACCEPT [86:5885]
:OUTPUT ACCEPT [86:5885]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*mangle
:PREROUTING ACCEPT [2424:210831]
:INPUT ACCEPT [2424:210831]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1856:540218]
:POSTROUTING ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec 4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec 4 04:30:56 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [581:184073]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Fri Dec 4 04:30:56 2015

3:/etc/network$ cat interfaces
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address 167.114.35.28
    netmask 255.255.255.255

cat sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1

iptables doesn't automatically load anything on boot; it starts with a clean slate. Most distros have a preferred way of loading that save file on boot, typically a service of some sort. Check your distro's docs for the specifics.
But before you go enabling the firewall, verify that the tor process is binding to the ports correctly. Restart the VPS, make sure tor is running, then run the following:
"sudo lsof | grep LISTEN"
It should output something like this:
sshd 398 root 3u IPv4 104876616 0t0 TCP *:ssh (LISTEN)
sshd 398 root 4u IPv6 104876623 0t0 TCP *:ssh (LISTEN)
tor 1129 _tor 6u IPv4 105943714 0t0 TCP *:https (LISTEN)
tor 1129 _tor 7u IPv4 105943715 0t0 TCP *:http (LISTEN)
tor 1129 1130 _tor 6u IPv4 105943714 0t0 TCP *:https (LISTEN)
tor 1129 1130 _tor 7u IPv4 105943715 0t0 TCP *:http (LISTEN)
Note that I'm using the HTTP(S) ports for my relay, you should see the ports you have selected for ORPort and DIRPort. Also note the asterisk indicating that it is listening on all network interfaces. If it only lists one specific interface, ensure that it is the correct (internet-facing) interface.
--Sean
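
An added example, not part of either poster's messages: a small cross-check of a saved rules file against the `lsof | grep LISTEN` output described above, reporting ports that have a public listener but would hit the final DROP, and ports that are accepted although nothing public listens on them. The function names, the SERVICES map and both sample inputs are constructed for illustration, and only simple single-port TCP ACCEPT rules like the ones in the thread are recognised.

```python
import re
# Constructed sample in iptables-save format, modelled on the filter table in the thread.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
# Constructed sample of `lsof | grep LISTEN` output.
LSOF = """\
sshd 398 root 3u IPv4 104876616 0t0 TCP *:ssh (LISTEN)
tor 1129 _tor 6u IPv4 105943714 0t0 TCP *:9001 (LISTEN)
tor 1129 _tor 7u IPv4 105943715 0t0 TCP *:9030 (LISTEN)
tor 1129 _tor 8u IPv4 105943716 0t0 TCP 127.0.0.1:9051 (LISTEN)
"""
SERVICES = {"ssh": 22, "http": 80, "https": 443}  # names lsof prints instead of numbers

def accepted_tcp_ports(rules_text):
    """TCP ports ACCEPTed in the filter INPUT chain ahead of the catch-all DROP."""
    ports, table = set(), None
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # "*filter" opens a table section
        elif table == "filter" and line == "-A INPUT -j DROP":
            break                                 # rules after this never match
        m = re.search(r"^-A INPUT .*-p tcp\b.* --dport (\d+) -j ACCEPT$", line)
        if m and table == "filter":
            ports.add(int(m.group(1)))
    return ports

def exposed_ports(lsof_text):
    """Ports with a TCP listener bound to a non-loopback address."""
    ports = set()
    for line in lsof_text.splitlines():
        m = re.search(r" TCP (\S+):(\S+) \(LISTEN\)$", line.strip())
        if m and not m.group(1).startswith(("127.", "[::1]")):
            port = SERVICES.get(m.group(2), m.group(2))
            ports.update([int(port)] if str(port).isdigit() else [])
    return ports

def compare(rules_text, lsof_text):  # -> (listening but dropped, accepted but unused)
    allowed, exposed = accepted_tcp_ports(rules_text), exposed_ports(lsof_text)
    return sorted(exposed - allowed), sorted(allowed - exposed)

if __name__ == "__main__":
    print("dropped listeners, unused accepts:", compare(RULES, LSOF))
```

In the constructed sample the relay's port 9030 has no ACCEPT rule, and 9052 is open to the world with nothing public behind it, so both show up before the rules are ever loaded.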