Hello everyone, this is my first post, and I would be very grateful for help.
My Tor relay (0.2.5.10 and now compiled from source) has had a checkered history since I installed it, first on an Efika MX in December (which proved unstable), and then on a Raspberry Pi model 2 (Linux 3.18.8-v7+) starting a couple or so weeks ago.
In trying to follow recommendations, and wanting to be helpful to less fortunate souls, I changed from the usual ORPort 9001 and DirPort 9030 (which worked) to ports 443 and 80 respectively. I now know that this is a pathway to misery and sorrow.
With ORPort 443 Tor could not confirm the port was reachable even though it was wide open to online port checkers and nmap -sT -O localhost shows ports 22/tcp, 80/tcp, 443/tcp to be open.
And yet torstatus monitors show many relays displaying ports ORPort 443 and DirPort 80 running on Linux.
Yesterday I swapped the ports and within a moment ORPort 80 was confirmed and server descriptor published. DirPort 443 fails to confirm it is reachable.
sudo iptables -L -nv
Chain INPUT (policy DROP 4328 packets, 200K bytes)
 pkts bytes target prot opt in out source          destination
 144K   60M ACCEPT all  --  lo *   0.0.0.0/0       0.0.0.0/0
91861   23M ACCEPT tcp  --  *  *   0.0.0.0/0       0.0.0.0/0    tcp dpt:80
 4711 1087K ACCEPT tcp  --  *  *   0.0.0.0/0       0.0.0.0/0    tcp dpt:443
1497K  202M ACCEPT all  --  *  *   192.168.1.0/24  0.0.0..0/0
    0     0 ACCEPT icmp --  *  *   0.0.0.0/0       0.0.0.0/0    icmptype 8
1221K 1521M ACCEPT all  --  *  *   0.0.0.0/0       0.0.0.0/0    state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source          destination

Chain OUTPUT (policy ACCEPT 2929K packets, 1979M bytes)
 pkts bytes target prot opt in out source          destination
So what is it about port 443 on my little RP 2 that Tor dislikes?
On Wed, 04 Mar 2015 16:31:27 +0100 oseump oseump@proxymail.eu wrote:
> With ORPort 443 Tor could not confirm the port was reachable even though it was wide open to online port checkers and nmap -sT -O localhost shows ports 22/tcp, 80/tcp, 443/tcp to be open.
Where are you running this from? You said a Raspberry Pi; is this on a home/residential network? If so, my first inclination is that your ISP is blocking incoming connections on certain ports. I know this is common in my area with ports 25, 80, and 443 to prevent customers from running servers.
A netstat/nmap on localhost will confirm that Tor is listening on the port, but won't confirm the outside world can access it. You said you used "online port checkers" - double check this. Try running a simple HTTP server on port 443 (you don't need to set up SSL necessarily, just run it at http://1.2.3.4:443) and seeing if you can connect from your mobile phone or something.
I believe you when you said you checked, but sometimes online port checkers can be iffy and even your ISP might be doing some weird conditional filtering. I run my Tor relays on 443 and it worked without issue.
> And yet torstatus monitors show many relays displaying ports ORPort 443 and DirPort 80 running on Linux.
> Yesterday I swapped the ports and within a moment ORPort 80 was confirmed and server descriptor published. DirPort 443 fails to confirm it is reachable.
> So what is it about port 443 on my little RP 2 that Tor dislikes?
tor-relays@lists.torproject.org
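
The check suggested in the reply above (a plain listener on the port, then a connection from outside), as an added example that is not part of the original thread. The function names are hypothetical; the script records where the connection came from, because a hit from localhost or from the LAN range the firewall accepts wholesale says nothing about what the ISP lets through. Tor has to be stopped first so the port is free.

```python
import ipaddress
import socket
import sys

def classify_peer(addr: str) -> str:
    """Say what a connecting address proves about outside reachability."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"   # same as nmap on localhost: only proves something listens
    if ip.is_private or ip.is_link_local:
        return "lan"        # e.g. 192.168.1.0/24: never crossed the router or the ISP
    return "external"       # came in through the ISP and any NAT port forward

def listen_once(port: int, timeout: float = 60.0, host: str = "0.0.0.0"):
    """Accept one TCP connection; return (peer_ip, classification) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))   # ports below 1024 need root or CAP_NET_BIND_SERVICE
        srv.listen(1)
        srv.settimeout(timeout)
        try:
            conn, (peer, _) = srv.accept()
        except socket.timeout:
            return None
        with conn:
            # Minimal plain-HTTP answer so a phone browser shows something.
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nreachable\n")
        return peer, classify_peer(peer)

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 443
    result = listen_once(port)
    if result is None:
        print(f"no connection reached port {port} before the timeout")
    else:
        print(f"connection from {result[0]} ({result[1]})")
```

Run it with the port as the argument, then browse to the relay's public address from a phone on mobile data rather than on the home Wi-Fi; only an "external" result shows the port is reachable from outside.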