[tor-relays] port setup

Lance Hathaway qhltx at yahoo.com
Wed Mar 20 03:43:06 UTC 2013 

On 19/03/2013 6:23 PM, Art wrote:
>
> On 03/19/2013 03:43 PM, Stephen Mollett wrote:
>>   it Hi,
>>
>>
>> On Tuesday, 19 March 2013 at 13:57, Art<ky1k at myfairpoint.net>  wrote:
>>
>>> I entered 9001 in the Global PortStart box andthe other empty boxes
>> on the setup page are Global PortEnd
>>> and Base HostPort. What values do I put in the Global PortEnd and Base HostPort boxes????
>> If your router's config works anything like my Thomson one, you probably need to put 9001 in Global PortEnd (so it forwards ports 9001-9001, i.e. just the one port) and 9001 in the Base HostPort, meaning that it should forward incoming connections on port 9001 to port 9001 on the machine running your relay. (This style of configuration interface allows you to do other, more complex, stuff like, say, forwarding incoming ports 1234-1240 to a block of ports on your PC starting at 7654, for example - you would set Global PortStart to 1234, Global PortEnd to 1240 and Base HostPort to 7654.)
>>
>> You may have to add a separate service for port 9030 if the router doesn't allow you to have more than one port range for a single service.
>>
>> Hope this helps.
>>
>>
>> Stephen
>>
>>
> Hi Stephen and the group,
>
> I think the error mentioned earlier is not significant.
>
> The router says it's firewall setting is running without any 
> protection being provided, which means no ports are blocked.
>
> However, when I try to run a relay, it does not work.
>
> Below is the message file, which shows the failure mode.
>
> I do run the ufw firewall, but I disabled it (sudo ufw disable) so the 
> ufw firewall shouldn't be blocking any ports either.
>
> I'm at a loss-
>
> I am running Xubuntu 12.10 in a homebuilt (late model) Asus 
> motherboard with lots of ram and an FX6100 processor.
>
> Are there any other parameters or settings to look at/check??
>
>
> Mar 19 20:30:05.977 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) 
> running on Linux.
> Mar 19 20:30:05.978 [Notice] Tor can't help you if you use it wrong! 
> Learn how to be safe at 
> https://www.torproject.org/download/download#warning
> Mar 19 20:30:05.978 [Notice] Read configuration file 
> "/home/artie/tor-browser_en-US/App/../Data/Tor/torrc".
> Mar 19 20:30:05.978 [Notice] Initialized libevent version 
> 2.0.21-stable using method epoll (with changelist). Good.
> Mar 19 20:30:05.978 [Notice] Opening Socks listener on 127.0.0.1:9150
> Mar 19 20:30:05.978 [Notice] Opening Control listener on 127.0.0.1:9151
> Mar 19 20:30:05.978 [Notice] Opening OR listener on 0.0.0.0:9001
> Mar 19 20:30:07.416 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
> Mar 19 20:30:07.416 [Notice] No AES engine found; using AES_* functions.
> Mar 19 20:30:07.416 [Notice] This OpenSSL has a good implementation of 
> counter mode; using it.
> Mar 19 20:30:07.416 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks 
> like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
> Mar 19 20:30:07.416 [Notice] Your Tor server's identity key 
> fingerprint is 'GIOTOR F5DA739B206D8B5ED45FDBD236E8064989B0E015'
> Mar 19 20:30:07.416 [Notice] Reloaded microdescriptor cache. Found 
> 3584 descriptors.
> Mar 19 20:30:07.416 [Notice] We now have enough directory information 
> to build circuits.
> Mar 19 20:30:07.416 [Notice] Bootstrapped 80%: Connecting to the Tor 
> network.
> Mar 19 20:30:07.417 [Notice] New control connection opened.
> Mar 19 20:30:08.119 [Notice] Heartbeat: Tor's uptime is 0:00 hours, 
> with 4 circuits open. I've sent 0 kB and received 0 kB.
> Mar 19 20:30:08.177 [Notice] Bootstrapped 85%: Finishing handshake 
> with first hop.
> Mar 19 20:30:08.506 [Notice] Bootstrapped 90%: Establishing a Tor circuit.
> Mar 19 20:30:10.050 [Notice] Guessed our IP address as 71.241.197.41 
> (source: 31.172.30.1).
> Mar 19 20:30:10.892 [Notice] Tor has successfully opened a circuit. 
> Looks like client functionality is working.
> Mar 19 20:30:10.892 [Notice] Bootstrapped 100%: Done.
> Mar 19 20:30:10.893 [Notice] Now checking whether ORPort 
> 71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- 
> look for log messages indicating success)
> Mar 19 20:30:16.131 [Notice] Our directory information is no longer 
> up-to-date enough to build circuits: We have only 1843/3251 usable 
> descriptors.
> Mar 19 20:30:16.131 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 1843/3251 
> usable descriptors.
> Mar 19 20:30:17.809 [Notice] Tor has successfully opened a circuit. 
> Looks like client functionality is working.
> Mar 19 20:30:17.809 [Notice] Now checking whether ORPort 
> 71.241.197.41:9001 is reachable... (this may take up to 20 minutes -- 
> look for log messages indicating success)
> Mar 19 20:30:23.808 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 1939/3251 
> usable descriptors.
> Mar 19 20:30:27.973 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 2035/3251 
> usable descriptors.
> Mar 19 20:30:29.109 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 2131/3251 
> usable descriptors.
> Mar 19 20:30:29.887 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 2227/3251 
> usable descriptors.
> Mar 19 20:30:30.317 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 2293/3251 
> usable descriptors.
> Mar 19 20:30:31.484 [Notice] I learned some more directory 
> information, but not enough to build a circuit: We have only 2389/3251 
> usable descriptors.
> Mar 19 20:30:32.027 [Notice] We now have enough directory information 
> to build circuits.
> *Mar 19 20:50:09.088 **[Warning] Your server (71.241.197.41:9001) has 
> not managed to confirm that its ORPort is reachable. Please check your 
> firewalls, ports, address, /etc/hosts file, etc.**
> *
> TIA,
>
> Art

Hi Art,

Even if your router's firewall is not blocking anything, you probably 
still have to forward ports to bypass the router's NAT.

  -Lance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130319/9c60861c/attachment.html>

More information about the tor-relays mailing list