Hi
I am running tor 0.2.4.20 from official RPM repositories on my local machine (Fedora 20). I can use it to surf the web and https://check.torproject.org/ (besides others) tells me that tor is running. I had the same problem with 0.2.3.25 from fedora's own repository.
According to `netstat -tulpen` tor listens on 0.0.0.0:9001, 0.0.0.0:9030, and Control port + Socks port. I configured my Router to port-forward 9001 and 9030 for both TCP+UDP and IPv4+IPv6. How can I test that this worked?
I am running a local firewall but it does not seem to matter whether it is enabled or disabled.
Is there anything else I could be missing?
Regards Chris
Hi Chris,
First of all, this mailing list is public and posting a Tor log with your IP in there is not advisable, so I would suggest to remove sensitive data prior to attaching the log next time ;). Some remarks on the log file you posted: - Your OpenSSL version was not compiled with options that are supported by 64-bit operating systems, so you could enhance the performance a lot by compiling it with the right flags. - The IP address in the log file differs from the one from the last entry in the consensus database for genodeftest and your fingerprint is also different. This is an indication that your WAN IP assigned by your ISP is not static. The Tor process can handle this, but a static IP is advisable since this increases the reliability of your relay a lot. - There are to warnings in your log file, one concerning the microdescriptor cache. I don't know what causes this error, can someone else elaborate on this? It is not the cause of the problem though, i think. - You mention having forwarded control and socks/ORport ports in your router, but your logs tell that the DirPort is 9030, the ORport is 9001. It is okay now, but I would strongly advise not to forward the control port in your router, since it severely lowers the security of your relay if the control port is reachable from the internet.
According to your description, Tor seems to be configured correctly for basic (exit-)relay operation and the usage as a client. I therefore assume that the configuration of your router gives rise to the error.
*Have you assigned a static IP address to the node in younetwork on which Tor is running on? Otherwise, the port mapping in therouter will fail the moment that this node gets a new DHCP lease from your router. Can you check that?*
Kind regards, Viktor
2014/1/20 Christian Stadelmann chris.privat@genodeftest.de:
Hi
I am running tor 0.2.4.20 from official RPM repositories on my local machine (Fedora 20). I can use it to surf the web and https://check.torproject.org/ (besides others) tells me that tor is running. I had the same problem with 0.2.3.25 from fedora's own repository.
According to `netstat -tulpen` tor listens on 0.0.0.0:9001, 0.0.0.0:9030, and Control port + Socks port. I configured my Router to port-forward 9001 and 9030 for both TCP+UDP and IPv4+IPv6. How can I test that this worked?
I am running a local firewall but it does not seem to matter whether it is enabled or disabled.
Is there anything else I could be missing?
Regards Chris
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Besides, did you know that your relay was last listed in the consensus database on the 10th of January with an older version of Tor (0.2.3.25)? Did you happen to change something on that day? Are you also possible running a firewall of which you could post the configuration?
Regards, Viktor
2014/1/20 Viktor Haaksman viktorhaaksman@gmail.com
Hi Chris,
First of all, this mailing list is public and posting a Tor log with your IP in there is not advisable, so I would suggest to remove sensitive data prior to attaching the log next time ;). Some remarks on the log file you posted:
- Your OpenSSL version was not compiled with options that are supported by
64-bit operating systems, so you could enhance the performance a lot by compiling it with the right flags.
- The IP address in the log file differs from the one from the last entry
in the consensus database for genodeftest and your fingerprint is also different. This is an indication that your WAN IP assigned by your ISP is not static. The Tor process can handle this, but a static IP is advisable since this increases the reliability of your relay a lot.
- There are to warnings in your log file, one concerning the
microdescriptor cache. I don't know what causes this error, can someone else elaborate on this? It is not the cause of the problem though, i think.
- You mention having forwarded control and socks/ORport ports in your
router, but your logs tell that the DirPort is 9030, the ORport is 9001. It is okay now, but I would strongly advise not to forward the control port in your router, since it severely lowers the security of your relay if the control port is reachable from the internet.
According to your description, Tor seems to be configured correctly for basic (exit-)relay operation and the usage as a client. I therefore assume that the configuration of your router gives rise to the error.
*Have you assigned a static IP address to the node in younetwork on which Tor is running on? Otherwise, the port mapping in therouter will fail the moment that this node gets a new DHCP lease from your router. Can you check that?*
Kind regards, Viktor
2014/1/20 Christian Stadelmann chris.privat@genodeftest.de:
Hi
I am running tor 0.2.4.20 from official RPM repositories on my local machine (Fedora 20). I can use it to surf the web and https://check.torproject.org/ (besides others) tells me that tor is running. I had the same problem with 0.2.3.25 from fedora's own repository.
According to `netstat -tulpen` tor listens on 0.0.0.0:9001, 0.0.0.0:9030, and Control port + Socks port. I configured my Router to port-forward 9001 and 9030 for both TCP+UDP and IPv4+IPv6. How can I test that this worked?
I am running a local firewall but it does not seem to matter whether it is enabled or disabled.
Is there anything else I could be missing?
Regards Chris
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 01/20/2014 03:13 PM, Christian Stadelmann wrote:
According to `netstat -tulpen` tor listens on 0.0.0.0:9001, 0.0.0.0:9030, and Control port + Socks port. I configured my Router to port-forward 9001 and 9030 for both TCP+UDP and IPv4+IPv6. How can I test that this worked?
From the log, it looks like *DirPort* and ORPort, not control port. The
control port, if set, should not be exposed to the Internet. You don't need it for relay operation.
Your logs state that neither 88.217.180.55:9001 nor 88.217.180.55:9030 are reachable from the Internet, so there must be a problem with your port forward setup. It's hard to diagnose this remotely. portforward.com seems to be a popular site to help with these kinds of issues.
tor-relays@lists.torproject.org
-
Christian Stadelmann -
Moritz Bartl -
Viktor Haaksman