[tor-bugs] #5376 [Tor Relay]: The ExitPolicyRejectPrivate option seems to be ignored

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 12:34:34 UTC 2012


#5376: The ExitPolicyRejectPrivate option seems to be ignored
-----------------------+----------------------------------------------------
 Reporter:  kevin      |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  normal     |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:                    
 Keywords:             |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------
Changes (by kevin):

 * cc: malsabah@…, jansen@…, iang@…, arma@… (added)


Old description:

> I noticed that setting "!ExitPolicyRejectPrivate 0" to allow exit nodes
> to exit to private addresses seems to be ignored. This issue prevents
> nodes running in the ExperimenTor testbed from establishing exit
> connections within the emulated network environment.
>
> Here's an example torrc configuration file for an exit node that would
> like to allow exit connections to private addresses:
>
> {{{
> Address 10.0.0.6
> ORPort 6006
> ORListenAddress 10.0.0.6:6006
> SocksPort 8006
> NickName router6
> DataDirectory /home/k4bauer/experimentor/routers/6
> TestingTorNetwork 1
> ExitPolicyRejectPrivate 0
> Log notice file /home/k4bauer/experimentor/routers/6/log
> SafeLogging 0
> CircuitPriorityHalflife 0
> N23 0
> circuit_window 1000
> stream_window 500
> ExitPolicy accept *:*
> RelayBandwidthRate 2260 KBytes
> RelayBandwidthBurst 2260 KBytes
> DirServer router1 v3ident=2742779FAA4C08DD1A400AAA4F8CBA5317C1CC8C orport=6001 10.0.0.1:20001 2A7A C69C EEE2 5573 899F A598 0752 898E 777F 6107
> DirServer router2 v3ident=F43C5503929B0E4A1A93026C6810CD9C3C9FC95E orport=6002 10.0.0.2:20002 B5D9 0AE9 DF3C 8F3B FFFB FE67 883A 1F38 A3FF 4E22
> DirServer router3 v3ident=AA4DA69D8655E48BA271F561C9AFF81F5E31779A orport=6003 10.0.0.3:20003 7DEA F408 F641 A82E 1FF9 4EB1 EE0E 250E EFF5 A433
> DirServer router4 v3ident=665CE5F47C7212954EDC1A80E65123E7CA5572DE orport=6004 10.0.0.4:20004 4475 A1B8 B4C4 7BBA BFBA 4699 1FA5 DE23 190D DA08
> DirServer router5 v3ident=DADB8F236660FFD1C15C08215A2EEA5EE8ADCA70 orport=6005 10.0.0.5:20005 96A3 866E 916C D73B C928 5BB5 83FF 5F05 E40F 1649
>
> }}}
> A typical client's log shows the following error message when trying to
> connect to a destination on a private address:
>
> `Mar 13 07:55:51.000 [notice] No Tor server allows exit to 10.0.6.1:100.
> Rejecting.`

New description:

 I noticed that setting "!ExitPolicyRejectPrivate 0" to allow exit nodes to
 exit to private addresses seems to be ignored. This issue prevents nodes
 running in the ExperimenTor testbed from establishing exit connections
 within the emulated network environment.

 Here's an example torrc configuration file for an exit node that would
 like to allow exit connections to private addresses:

 {{{
 Address 10.0.0.6
 ORPort 6006
 ORListenAddress 10.0.0.6:6006
 SocksPort 8006
 NickName router6
 DataDirectory /home/k4bauer/experimentor/routers/6
 TestingTorNetwork 1
 ExitPolicyRejectPrivate 0
 Log notice file /home/k4bauer/experimentor/routers/6/log
 SafeLogging 0
 CircuitPriorityHalflife 0
 N23 0
 circuit_window 1000
 stream_window 500
 ExitPolicy accept *:*
 RelayBandwidthRate 2260 KBytes
 RelayBandwidthBurst 2260 KBytes
 DirServer router1 v3ident=2742779FAA4C08DD1A400AAA4F8CBA5317C1CC8C orport=6001 10.0.0.1:20001 2A7A C69C EEE2 5573 899F A598 0752 898E 777F 6107
 DirServer router2 v3ident=F43C5503929B0E4A1A93026C6810CD9C3C9FC95E orport=6002 10.0.0.2:20002 B5D9 0AE9 DF3C 8F3B FFFB FE67 883A 1F38 A3FF 4E22
 DirServer router3 v3ident=AA4DA69D8655E48BA271F561C9AFF81F5E31779A orport=6003 10.0.0.3:20003 7DEA F408 F641 A82E 1FF9 4EB1 EE0E 250E EFF5 A433
 DirServer router4 v3ident=665CE5F47C7212954EDC1A80E65123E7CA5572DE orport=6004 10.0.0.4:20004 4475 A1B8 B4C4 7BBA BFBA 4699 1FA5 DE23 190D DA08
 DirServer router5 v3ident=DADB8F236660FFD1C15C08215A2EEA5EE8ADCA70 orport=6005 10.0.0.5:20005 96A3 866E 916C D73B C928 5BB5 83FF 5F05 E40F 1649

 }}}
 Note that `ExitPolicyRejectPrivate` `0` is implicitly set by enabling
 `TestingTorNetwork`.

 A typical client's log shows the following error message when trying to
 connect to a destination on a private address:

 `Mar 13 07:55:51.000 [notice] No Tor server allows exit to 10.0.6.1:100.
 Rejecting.`

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5376#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
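
Added example (not part of the ticket and not Tor's own code): a simplified Python model of how a relay's effective exit policy is assembled from ExitPolicyRejectPrivate, TestingTorNetwork and ExitPolicy, so an operator can check what a torrc like the one above is expected to allow before suspecting a bug. The function names and the sample torrc excerpt are assumptions made for this illustration; only IPv4 rules are handled.

```python
import ipaddress

# Ranges the Tor manual lists for the "private" alias; ExitPolicyRejectPrivate 1
# rejects them ahead of ExitPolicy. (The relay's own address is not modelled.)
PRIVATE = ["0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8",
           "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

# Constructed sample: the policy-relevant lines of the torrc in the ticket.
SAMPLE_TORRC = """\
TestingTorNetwork 1
ExitPolicyRejectPrivate 0
ExitPolicy accept *:*
"""

def parse_rule(text):
    """Parse 'accept|reject ADDR[/BITS]:PORT' (IPv4; port is N, N-M or *)."""
    action, pattern = text.split()
    addr, _, port = pattern.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    lo, _, hi = ("1-65535" if port == "*" else port).partition("-")
    return action, net, int(lo), int(hi or lo)

def effective_policy(torrc):
    """Ordered rules the relay is expected to apply for this torrc."""
    explicit, testing, rules = None, False, []
    for line in torrc.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(" ")
        key, value = key.lower(), value.strip()
        if key == "exitpolicyrejectprivate":
            explicit = value != "0"
        elif key == "testingtornetwork":
            testing = value == "1"
        elif key == "exitpolicy":
            rules += [parse_rule(r.strip()) for r in value.split(",")]
    # Default is 1; per the ticket, TestingTorNetwork implies 0 unless set.
    reject_private = explicit if explicit is not None else not testing
    head = [parse_rule(f"reject {n}:*") for n in PRIVATE] if reject_private else []
    return head + rules

def allows(torrc, host, port):
    """First matching rule wins. No match is treated as reject in this model
    (Tor itself appends its default exit policy there)."""
    ip = ipaddress.ip_address(host)
    for action, net, lo, hi in effective_policy(torrc):
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return False

if __name__ == "__main__":
    print(allows(SAMPLE_TORRC, "10.0.6.1", 100))
```

For the ticket's configuration the model accepts 10.0.6.1:100, which is the behaviour the reporter expected from the exit node.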