Hi,
On Tue, Jan 07, 2014 at 02:59:24AM -0800, I wrote:
Mathew,
The only addition to the bare, no doubt minimal, CentOS VPS is Tor run as an exit. The port failing to be accessible is 9030 - the dir port. The interesting thing is that another similar VPS was working but now 9030 is not accessible. Perhaps paying for a VPS a year in advance and no written objection to Tor left me vulnerable to various methods of reducing their exposure to copyright litigation. Other VPSs still have the statement "Tor relays are ok" on their site yet emailed me that they must stop once I'd paid a year in advance. So if I can avoid discussion with them and force the port open it might keep one exit running for a while.
Robert
It's CentOS 6. Apart from that I don't know what you need to know. I presumed unix type commands work in general. Any help from the list will probably beat the help desk.
Robert
"iptables -L" should tell you if your machine is blocking ports with its own firewall. (It seems odd for your host to block specific ports.)
The one CentOS machine I've set up did have a firewall that blocked incoming connections on most ports by default (I'm completely ignorant of CentOS in general, so I don't know if this is the standard setup or not):
Check out /etc/sysconfig/iptables. That lists the firewall rules that are applied when the machine boots. The default looked something like this for me:
# Generated by iptables-save v1.4.7 on Mon Oct 7 20:11:26 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [379:66816]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Oct 7 20:11:26 2013
The most relevant line is the one that contains "--dport 22". It opens port 22 to new connections. You could open port 9030 by adding this line below it:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9030 -j ACCEPT
And so forth for other ports, followed by a "service iptables reload".
(Maybe there's a better CentOSy way of doing this; I don't claim to know. I hope this is useful.)
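The placement advice in the message above matters because rules are evaluated in order: an ACCEPT for 9030 only takes effect if it sits ahead of the final INPUT REJECT. The following is an added example, not part of the original thread; the function names `sample_rules`, `accept_before_reject` and `open_tcp_port` are hypothetical, and the script works on a copy of the rules file rather than the live firewall.

```shell
#!/bin/sh
# Added example (not from the thread). Works on a copy of an iptables-save
# style rules file; it never touches the live firewall.

# Constructed sample: the default CentOS 6 ruleset quoted in the message.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [379:66816]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# accept_before_reject FILE PORT: succeed only if a TCP ACCEPT for PORT is
# evaluated before the first unconditional INPUT REJECT/DROP.
accept_before_reject() {
    awk -v port="$2" '
        /^-A INPUT -j (REJECT|DROP)/ { exit 1 }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ &&
            $0 ~ ("--dport " port "( |$)") { found = 1; exit 0 }
        END { if (!found) exit 1 }' "$1"
}

# open_tcp_port FILE PORT: print FILE with an ACCEPT for PORT inserted directly
# above the catch-all REJECT. FILE is left unchanged; no catch-all, no insert.
open_tcp_port() {
    case $2 in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 2 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "port out of range: $2" >&2; return 2; }
    if accept_before_reject "$1" "$2"; then cat "$1"; return 0; fi
    rule="-A INPUT -p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT"
    awk -v rule="$rule" '
        /^-A INPUT -j (REJECT|DROP)/ && !done { print rule; done = 1 }
        { print }' "$1"
}

# Demo on a temporary copy of the constructed sample.
tmp=$(mktemp) && sample_rules > "$tmp" && open_tcp_port "$tmp" 9030
rm -f "$tmp"
```

Before replacing /etc/sysconfig/iptables with the generated output, `iptables-restore --test < newfile` parses the ruleset without committing it.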
Most distros I have come across have all ports open by default. Do you know which ports you would like open? Is it just the required ports for Tor + SSH, or are you running additional services?
Most users use IPTables for firewalling.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays