[tor-relays] port setup

Art ky1k at myfairpoint.net
Wed Mar 20 01:23:38 UTC 2013 

Hi Stephen and the group,

I think the error mentioned earlier is not significant.

The router says it's firewall setting is running without any protection 
being provided, which means no ports are blocked.

However, when I try to run a relay, it does not work.

Below is the message file, which shows the failure mode.

I do run the ufw firewall, but I disabled it (sudo ufw disable) so the 
ufw firewall shouldn't be blocking any ports either.

I'm at a loss-

I am running Xubuntu 12.10 in a homebuilt (late model) Asus motherboard 
with lots of ram and an FX6100 processor.

Are there any other parameters or settings to look at/check??


Mar 19 20:30:05.977 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) 
running on Linux.
Mar 19 20:30:05.978 [Notice] Tor can't help you if you use it wrong! 
Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 19 20:30:05.978 [Notice] Read configuration file 
"/home/artie/tor-browser_en-US/App/../Data/Tor/torrc".
Mar 19 20:30:05.978 [Notice] Initialized libevent version 2.0.21-stable 
using method epoll (with changelist). Good.
Mar 19 20:30:05.978 [Notice] Opening Socks listener on 127.0.0.1:9150
Mar 19 20:30:05.978 [Notice] Opening Control listener on 127.0.0.1:9151
Mar 19 20:30:05.978 [Notice] Opening OR listener on 0.0.0.0:9001
Mar 19 20:30:07.416 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
Mar 19 20:30:07.416 [Notice] No AES engine found; using AES_* functions.
Mar 19 20:30:07.416 [Notice] This OpenSSL has a good implementation of 
counter mode; using it.
Mar 19 20:30:07.416 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks 
like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Mar 19 20:30:07.416 [Notice] Your Tor server's identity key fingerprint 
is 'GIOTOR F5DA739B206D8B5ED45FDBD236E8064989B0E015'
Mar 19 20:30:07.416 [Notice] Reloaded microdescriptor cache. Found 3584 
descriptors.
Mar 19 20:30:07.416 [Notice] We now have enough directory information to 
build circuits.
Mar 19 20:30:07.416 [Notice] Bootstrapped 80%: Connecting to the Tor 
network.
Mar 19 20:30:07.417 [Notice] New control connection opened.
Mar 19 20:30:08.119 [Notice] Heartbeat: Tor's uptime is 0:00 hours, with 
4 circuits open. I've sent 0 kB and received 0 kB.
Mar 19 20:30:08.177 [Notice] Bootstrapped 85%: Finishing handshake with 
first hop.
Mar 19 20:30:08.506 [Notice] Bootstrapped 90%: Establishing a Tor circuit.
Mar 19 20:30:10.050 [Notice] Guessed our IP address as 71.241.197.41 
(source: 31.172.30.1).
Mar 19 20:30:10.892 [Notice] Tor has successfully opened a circuit. 
Looks like client functionality is working.
Mar 19 20:30:10.892 [Notice] Bootstrapped 100%: Done.
Mar 19 20:30:10.893 [Notice] Now checking whether ORPort 
71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- 
look for log messages indicating success)
Mar 19 20:30:16.131 [Notice] Our directory information is no longer 
up-to-date enough to build circuits: We have only 1843/3251 usable 
descriptors.
Mar 19 20:30:16.131 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 1843/3251 usable 
descriptors.
Mar 19 20:30:17.809 [Notice] Tor has successfully opened a circuit. 
Looks like client functionality is working.
Mar 19 20:30:17.809 [Notice] Now checking whether ORPort 
71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- 
look for log messages indicating success)
Mar 19 20:30:23.808 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 1939/3251 usable 
descriptors.
Mar 19 20:30:27.973 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 2035/3251 usable 
descriptors.
Mar 19 20:30:29.109 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 2131/3251 usable 
descriptors.
Mar 19 20:30:29.887 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 2227/3251 usable 
descriptors.
Mar 19 20:30:30.317 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 2293/3251 usable 
descriptors.
Mar 19 20:30:31.484 [Notice] I learned some more directory information, 
but not enough to build a circuit: We have only 2389/3251 usable 
descriptors.
Mar 19 20:30:32.027 [Notice] We now have enough directory information to 
build circuits.
*Mar 19 20:50:09.088 **[Warning] Your server (71.241.197.41:9001) has 
not managed to confirm that its ORPort is reachable. Please check your 
firewalls, ports, address, /etc/hosts file, etc.**
*
TIA,

Art






On 03/19/2013 03:43 PM, Stephen Mollett wrote:
>   it Hi,
>
>
> On Tuesday, 19 March 2013 at 13:57, Art <ky1k at myfairpoint.net> wrote:
>
>> I entered 9001 in the Global PortStart box andthe other empty boxes
> on the setup page are Global PortEnd
>> and Base HostPort. What values do I put in the Global PortEnd and Base HostPort boxes????
>
> If your router's config works anything like my Thomson one, you probably need to put 9001 in Global PortEnd (so it forwards ports 9001-9001, i.e. just the one port) and 9001 in the Base HostPort, meaning that it should forward incoming connections on port 9001 to port 9001 on the machine running your relay. (This style of configuration interface allows you to do other, more complex, stuff like, say, forwarding incoming ports 1234-1240 to a block of ports on your PC starting at 7654, for example - you would set Global PortStart to 1234, Global PortEnd to 1240 and Base HostPort to 7654.)
>
> You may have to add a separate service for port 9030 if the router doesn't allow you to have more than one port range for a single service.
>
> Hope this helps.
>
>
> Stephen
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130319/3bd912f5/attachment-0001.html>

More information about the tor-relays mailing list