[tor-bugs] #15275 [Tor]: tor relay confused when binding interface secondary IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 15 18:46:39 UTC 2015


#15275: tor relay confused when binding interface secondary IP address
-----------------------+-------------------------------
 Reporter:  starlight  |          Owner:
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:
Component:  Tor        |        Version:  Tor: 0.2.4.25
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
-----------------------+-------------------------------
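 Relay advertises the primary IP of the interface in its descriptor,
 despite torrc binding ORPort, DirPort and OutboundBindAddress to the
 secondary IP. The torrc excerpt below shows no Address line.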

 {{{
 /etc/sysconfig/network-scripts/ifcfg-ethX
 =========================================
 DEVICE=ethX
 ONBOOT=yes
 BOOTPROTO=static
 IPADDR=10.10.10.156
 NETMASK=255.255.255.0



 /etc/iproute2/rt_tables   # add line
 =======================
 14     tor



 /etc/rc.d/init.d/network  # modification
 ========================
 # Local network adjustments.
 #
 # apply_netlocal: add the secondary address 10.10.10.157 to ethX and set up
 # source-based policy routing, so that packets sourced from 10.10.10.156 or
 # 10.10.10.157 are looked up in routing table "tor". The table name must be
 # declared in /etc/iproute2/rt_tables.
 # Always returns 0, so a failing ip command is not reported to the caller.
 # NOTE(review): presumably not safe to run twice without a teardown step,
 # since the address and rules would already exist -- confirm.
 apply_netlocal() {

    # Secondary IPs and subnets.
    # The primary address stays commented out: ifcfg-ethX already assigns it.
   #ip addr add 10.10.10.156/24 dev ethX   # ifcfg-ethX
    ip addr add 10.10.10.157/24 dev ethX

    # Policy-route.  Priority reverse-order of insertion.
    # The rule added last is consulted first, so the .156 rule ends up ahead
    # of the .157 rule.
    # NOTE(review): these rules select a table by packet source address only;
    # they presumably do not change which address a process picks or reports
    # when it has not bound to 10.10.10.157 -- verify.
    ip rule add from 10.10.10.157 table tor
    ip rule add from 10.10.10.156 table tor

    # Tor interface
    # On-link route for the subnet; src makes 10.10.10.157 the preferred
    # source address for lookups that hit this route.
    ip route add 10.10.10.0/24 dev ethX table tor src 10.10.10.157
    # Keep loopback destinations on lo for lookups that land in table tor.
    ip route add 127.0.0.0/8   dev lo   table tor
    # Everything else in table tor leaves via the 10.10.10.1 gateway.
    ip route add default via 10.10.10.1 table tor

    # Unconditional success: the exit status of the ip commands is discarded.
    return 0
 }
 ==========================================================
 ! # Run this again to catch any interface-specific actions
 ! sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
 +
 + apply_netlocal
 !
 ! touch /var/lock/subsys/network



 torrc
 =====
 OutboundBindAddress 10.10.10.157
 ORPort  10.10.10.157:443
 DirPort 10.10.10.157:80



 $ ip rule show
 0:      from all lookup local
 32763:  from 10.10.10.156 lookup tor
 32764:  from 10.10.10.157 lookup tor
 32766:  from all lookup main
 32767:  from all lookup default



 $ ip route show table main
 10.10.22.0/24 dev ethZ  proto kernel  scope link  src 10.10.22.222
 10.10.10.0/24 dev ethX  proto kernel  scope link  src 10.10.10.156
 10.10.9.0/24  dev ethA  proto kernel  scope link  src 10.10.9.1
 default via 10.10.22.1 dev ethZ




 # ip route show dev ethX table local
 broadcast 10.10.10.0    proto kernel  scope link  src 10.10.10.156
 broadcast 10.10.10.255  proto kernel  scope link  src 10.10.10.156
 local 10.10.10.157  proto kernel  scope host  src 10.10.10.156
 local 10.10.10.156  proto kernel  scope host  src 10.10.10.156



 $ ip route show dev ethX table tor
 10.10.10.0/24  scope link  src 10.10.10.157
 default via 10.10.10.1




 $ ip addr show dev ethX
 9: ethX: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10000
     inet 10.10.10.156/24 brd 10.10.10.255 scope global ethX
     inet 10.10.10.157/24 scope global secondary ethX




 # lsof -Pn -p $(pgrep tor) | fgrep LISTEN  | sed -re 's|  +| |g'
 tor 1870 tor  7u IPv4 4437 TCP 10.10.9.9:9150   (LISTEN)
 tor 1870 tor  8u IPv4 4438 TCP 10.10.9.9:9151   (LISTEN)
 tor 1870 tor  9u IPv4 4439 TCP 10.10.10.157:443 (LISTEN)
 tor 1870 tor 10u IPv4 4440 TCP 10.10.10.157:80  (LISTEN)



 nc 10.10.9.9 9151
 getinfo dir/server/authority
 250+dir/server/authority=
 router unnamed 10.10.10.156 443 0 0
 platform Tor 0.2.4.25 on Linux
 protocols Link 1 2 Circuit 1
 .
 .
 .



 Tor[1870]: Your server (10.10.10.156:443) has not managed to confirm that
 its ORPort is reachable. Please check your firewalls, ports, address,
 /etc/hosts file, etc.
 Tor[1870]: Your server (10.10.10.156:80) has not managed to confirm that
 its DirPort is reachable. Please check your firewalls, ports, address,
 /etc/hosts file, etc.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15275>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

