[tor-relays] why my exit is not being used?

gustavo panizzo (gfa) gfa at zumbi.com.ar
Tue Jan 31 04:37:46 UTC 2017 

On Tue, Jan 31, 2017 at 09:27:42AM +1100, teor wrote:
> 
> > On 31 Jan 2017, at 02:46, gustavo panizzo (gfa) <gfa at zumbi.com.ar> wrote:
> > 
> >>>> Please send us your actual torrc:
> >>> 
> >>> that's my actual torrc, I've only edited HashedControlPassword
> >> 
> >> Then please reload your torrc so that your tor process is using it.
> > What I meant to say is that I edited HashedControlPassword on the email
> 
> What I need to know is whether the torrc you provided is actually the one
> being used by tor.

yes, the file provided is the one being used by tor

> 
> >>>> * your torrc has a DirPort, but your relay on atlas does not
> >>>> (this might be because you have a bandwidth limit set)
> >>>> * your torrc says IPv6Exit, but your relay on atlas does not exit to
> >>>> IPv6
> >>> 
> >>> Port is open, tor is listening. no fw rules for IPv6
> >> 
> >> That's the ORPort, an entry port.
> > 
> > You are right, tor wasn't listening on the DirPort on IPv6. I've fixed
> > that a few hours ago.
> 
> No tor version or role uses the IPv6 DirPort, and it's a pain to configure.
is this useless then?

DirPort [2400:6180:0:d0::18a7:d001]:80 NoAdvertise

> 
> >> You say you have IPv6Exit and an ExitPolicy set in the torrc.
> > I have exit rules for both, same rules apply to both protocols. An tor
> > knows it
# grep -i exit /etc/tor/torrc
IPv6Exit 1
ExitPortStatistics 1
ExitRelay 1
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:80        # HTTP
ExitPolicy accept *:110       # POP3
[snip]
ExitPolicy reject *:* # nothing else is allowed 


> > 
> > Tor[22587]: tor_addr_parse_mask_ports(): '*:6881-6999' expands into
> > rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject
> > *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
> > 
> > Tor[22587]: tor_addr_parse_mask_ports(): '*:*' expands into rules which
> > apply to all
> > IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or
> > accept[6]/reject[6] *6:* for IPv6.)
> 
> But if your ExitPolicy starts by rejecting IPv6 (as it does when IPv6Exit
> is not set), none of these rules will ever be used.
> 
IPv6Exit is set


-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

keybase: https://keybase.io/gfa

More information about the tor-relays mailing list