[tor-relays] port setup

Art ky1k at myfairpoint.net
Thu Mar 21 14:48:55 UTC 2013 

I still can't make the relay function work, I'd really like to 
contribute by participating as a relay.

I believe my router's port forwarding is set up correctly. My ufw 
firewall is disabled. My router shows port forwarding set to the proper 
IP address for my computer and there is an entry for port 9001 and port 
9030, which are custom entries I set up for Tor.

I have screen captures for the router pages showing details of the 
router port forwarding setup, but probably shouldn't send them via the 
list as attachments. I'll email them to anyone who would like to see 
them, please send me a request OFF-LIST.

TIA,

Art



On 03/20/2013 02:01 AM, Matt Joyce wrote:
> On 20/03/13 03:43, Lance Hathaway wrote:
>> On 19/03/2013 6:23 PM, Art wrote:
>>> On 03/19/2013 03:43 PM, Stephen Mollett wrote:
>>>>   it Hi,
>>>>
>>>>
>>>> On Tuesday, 19 March 2013 at 13:57, Art <ky1k at myfairpoint.net> wrote:
>>>>
>>>>> I entered 9001 in the Global PortStart box andthe other empty boxes
>>>> on the setup page are Global PortEnd
>>>>> and Base HostPort. What values do I put in the Global PortEnd and Base HostPort boxes????
>>>> If your router's config works anything like my Thomson one, you probably need to put 9001 in Global PortEnd (so it forwards ports 9001-9001, i.e. just the one port) and 9001 in the Base HostPort, meaning that it should forward incoming connections on port 9001 to port 9001 on the machine running your relay. (This style of configuration interface allows you to do other, more complex, stuff like, say, forwarding incoming ports 1234-1240 to a block of ports on your PC starting at 7654, for example - you would set Global PortStart to 1234, Global PortEnd to 1240 and Base HostPort to 7654.)
>>>>
>>>> You may have to add a separate service for port 9030 if the router doesn't allow you to have more than one port range for a single service.
>>>>
>>>> Hope this helps.
>>>>
>>>>
>>>> Stephen
>>>>
>>>>
>>> Hi Stephen and the group,
>>>
>>> I think the error mentioned earlier is not significant.
>>>
>>> The router says it's firewall setting is running without any
>>> protection being provided, which means no ports are blocked.
>>>
>>> However, when I try to run a relay, it does not work.
>>>
>>> Below is the message file, which shows the failure mode.
>>>
>>> I do run the ufw firewall, but I disabled it (sudo ufw disable) so
>>> the ufw firewall shouldn't be blocking any ports either.
>>>
>>> I'm at a loss-
>>>
>>> I am running Xubuntu 12.10 in a homebuilt (late model) Asus
>>> motherboard with lots of ram and an FX6100 processor.
>>>
>>> Are there any other parameters or settings to look at/check??
>>>
>>>
>>> Mar 19 20:30:05.977 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65)
>>> running on Linux.
>>> Mar 19 20:30:05.978 [Notice] Tor can't help you if you use it wrong!
>>> Learn how to be safe at
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> https://www.torproject.org/download/download#warning
>>> Mar 19 20:30:05.978 [Notice] Read configuration file
>>> "/home/artie/tor-browser_en-US/App/../Data/Tor/torrc".
>>> Mar 19 20:30:05.978 [Notice] Initialized libevent version
>>> 2.0.21-stable using method epoll (with changelist). Good.
>>> Mar 19 20:30:05.978 [Notice] Opening Socks listener on 127.0.0.1:9150
>>> Mar 19 20:30:05.978 [Notice] Opening Control listener on 127.0.0.1:9151
>>> Mar 19 20:30:05.978 [Notice] Opening OR listener on 0.0.0.0:9001
>>> Mar 19 20:30:07.416 [Notice] Parsing GEOIP file ./Data/Tor/geoip.
>>> Mar 19 20:30:07.416 [Notice] No AES engine found; using AES_* functions.
>>> Mar 19 20:30:07.416 [Notice] This OpenSSL has a good implementation
>>> of counter mode; using it.
>>> Mar 19 20:30:07.416 [Notice] OpenSSL OpenSSL 1.0.0k 5 Feb 2013 looks
>>> like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
>>> Mar 19 20:30:07.416 [Notice] Your Tor server's identity key
>>> fingerprint is 'GIOTOR F5DA739B206D8B5ED45FDBD236E8064989B0E015'
>>> Mar 19 20:30:07.416 [Notice] Reloaded microdescriptor cache.  Found
>>> 3584 descriptors.
>>> Mar 19 20:30:07.416 [Notice] We now have enough directory information
>>> to build circuits.
>>> Mar 19 20:30:07.416 [Notice] Bootstrapped 80%: Connecting to the Tor
>>> network.
>>> Mar 19 20:30:07.417 [Notice] New control connection opened.
>>> Mar 19 20:30:08.119 [Notice] Heartbeat: Tor's uptime is 0:00 hours,
>>> with 4 circuits open. I've sent 0 kB and received 0 kB.
>>> Mar 19 20:30:08.177 [Notice] Bootstrapped 85%: Finishing handshake
>>> with first hop.
>>> Mar 19 20:30:08.506 [Notice] Bootstrapped 90%: Establishing a Tor
>>> circuit.
>>> Mar 19 20:30:10.050 [Notice] Guessed our IP address as 71.241.197.41
>>> (source: 31.172.30.1).
>>> Mar 19 20:30:10.892 [Notice] Tor has successfully opened a circuit.
>>> Looks like client functionality is working.
>>> Mar 19 20:30:10.892 [Notice] Bootstrapped 100%: Done.
>>> Mar 19 20:30:10.893 [Notice] Now checking whether ORPort
>>> 71.241.197.41:9001 is reachable... (this may take up to 20 minutes --
>>> look for log messages indicating success)
>>> Mar 19 20:30:16.131 [Notice] Our directory information is no longer
>>> up-to-date enough to build circuits: We have only 1843/3251 usable
>>> descriptors.
>>> Mar 19 20:30:16.131 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 1843/3251 usable descriptors.
>>> Mar 19 20:30:17.809 [Notice] Tor has successfully opened a circuit.
>>> Looks like client functionality is working.
>>> Mar 19 20:30:17.809 [Notice] Now checking whether ORPort
>>> 71.241.197.41:9001 is reachable... (this may take up to 20 minutes --
>>> look for log messages indicating success)
>>> Mar 19 20:30:23.808 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 1939/3251 usable descriptors.
>>> Mar 19 20:30:27.973 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 2035/3251 usable descriptors.
>>> Mar 19 20:30:29.109 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 2131/3251 usable descriptors.
>>> Mar 19 20:30:29.887 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 2227/3251 usable descriptors.
>>> Mar 19 20:30:30.317 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 2293/3251 usable descriptors.
>>> Mar 19 20:30:31.484 [Notice] I learned some more directory
>>> information, but not enough to build a circuit: We have only
>>> 2389/3251 usable descriptors.
>>> Mar 19 20:30:32.027 [Notice] We now have enough directory information
>>> to build circuits.
>>> *Mar 19 20:50:09.088 **[Warning] Your server (71.241.197.41:9001) has
>>> not managed to confirm that its ORPort is reachable. Please check
>>> your firewalls, ports, address, /etc/hosts file, etc.**
>>> *
>>> TIA,
>>>
>>> Art
>> Hi Art,
>>
>> Even if your router's firewall is not blocking anything, you probably
>> still have to forward ports to bypass the router's NAT.
>>
>>   -Lance
> Lance is correct, unless you have the router running in bridged mode
> giving your internal machines a valid external IP address it will be
> running NAT and thus nothing is accessible from the outside without a
> forwarding rule.  It almost invariably will not be in bridged mode
> unless configured that way separately so if you arn't sure what that is
> then you will no doubt need the rule.
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130321/a37304c7/attachment.html>

More information about the tor-relays mailing list