CentOS Tor exit node broken after updating to 2.8.12

Hello, I recently upgraded my tor version to 2.8.12 from 2.8.9(?) I think. Tor can now no longer bind to ports, as a regular user: /[warn] Could not bind to 0.0.0.0:43: Permission denied/ As root: /Feb 25 11:57:14.942 [notice] Opening OR listener on 0.0.0.0:43// //Feb 25 11:57:14.942 [notice] Opening Directory listener on 0.0.0.0:9030// //Feb 25 11:57:14.942 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050// //Feb 25 11:57:14.942 [notice] Closing partially-constructed Control listener on 127.0.0.1:9051// //Feb 25 11:57:14.942 [notice] Closing partially-constructed OR listener on 0.0.0.0:43// //Feb 25 11:57:14.942 [notice] Closing partially-constructed Directory listener on 0.0.0.0:9030// //Feb 25 11:57:14.942 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.// / In the former case, I tried using eip to allow tor to bind to ports lower than 1024 but it made no difference. I suspect this an issue with the configuration of the server rather than tor. Where should I start? Best, Chris -- Protect your privacy: encrypt your communications GPG: CF7F98B2

I suspect this an issue with the configuration of the server rather than tor. Where should I start?
tldr: wild guess torrc change (ORPort 443 -> 43) caused this, if 443 is actually intended try changing it. Is SELinux in enforcing mode? (see 'sestatus' output) if yes, try: tail -f /var/log/audit/audit.log|grep AVC while starting tor, if you see tor related AVCs you know the reason. Also make sure this SELinux boolean is on: getsebool -a|grep tor_can_network_relay try using port 443 (instead of using 43) or any of these ports (allowed by SELinux): 80, 81, 443, 488, 6969, 8008, 8009, 8443, 9000, 9001, 9030, 9050, 9051, 9150 if SELinux is not in enforcing mode: Is anything else binding on that port?

Good suggestion, I was indeed getting AVC errors. - Changing to 443 didn't help though. I have returned to the default OrPort of 9001 for now which works and I will try adding 443 to selinux for tor at a later date. Thanks, Chris On 25/02/17 09:23, nusenu wrote:
getsebool -a|grep tor_can_network_relay
participants (2)
-
Chris
-
nusenu