[tor-relays] torrc, unit files, confusion

Martin Gebhardt martin at gebhardt.im
Wed Feb 16 07:07:21 UTC 2022


Hello together,

I've gotten myself stuck in a situation that I can't get out of. The 
following:

I have a working relay. You can find the config for it in the attachment 
[1].

I want to move parts of the config. So I use %include.
I don't do anything else than moving parts of the working config to 
other files. There are no changes at all. But tor does not start
anymore. In the attachment [2] you can find the config with %include. The
folder structure is the following:

├── info.html
├── rc.d
│   ├── contact.rc
│   ├── family.rc
│   └── nickname.rc
├── torrc
└── torsocks.conf

No matter what I do, I can't get it to enable debug logs when I start 
tor from the unit file. This is unchanged, but I attached it anyway [3].

Anyway, I start tor as root, then everything works [4]. I have no idea 
where something should be wrong with the permissions. I have also 
recursively set the permission of /etc/tor/ to the user debian-tor, but 
it doesn't help.

When I do the following:

cat rc.d/* >> torrc && sed -i /include/d torrc && systemctl restart tor

Everything works fine again.

My system:
Linux privacy 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18) 
x86_64 GNU/Linux
Tor version 0.4.6.9.
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, 
Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.33 as libc.
Tor compiled with GCC version 10.2.1

Maybe I'm still too tired to figure it out. But please, can someone give 
me some advice where to look further? Or at least tell me how to get a 
debug log when I start tor from the systemd-unit. Then I would surely 
get further.

Thanks for your attention and help.

--
Martin
-------------- next part --------------
SocksPort 0
RunAsDaemon 1

ORPort 9001
ORPort [::]:9001

ContactInfo abuse(at)linkspartei(dot)org url:linkspartei.org proof:uri-rsa ciissversion:2 btc:bc1qnskznvxkq63yuqcvp3ppc37hp364n2f08lv46v
MyFamily C2CD35F0766CAE4184F75299186FE8CF1A131E61,58AC93FB66FE2A14A4A7D35C05E6BE41A6C7046B,EDB480C34207BC3D38CD903F475CD4A85659F810,FDAA4F76F778215F02B0B02DCE8E8504179BCDC6,6A0A9C3B3381C89CCB85C64BBCF6942805AA477B,171E93EA1DF7524A87ED272CCE8CF83BCD9BF1BC,F072C8FDA61719777AA3BAB2CDADE416763749F8,4CF97826972A7FDD895B0D020FE56341ED5E5F90,16688DB4CD7B17E2846E9BE90DFCE89456DAE5CB,845BA84EDBC85AD3B1D504089BAE698E9360DCBF,2F9EAEB446302E4A4B6451AC2A8DAB9128FDA7D7,FDE290ACE9C213BE9F7BB7FB288DD9767B6ABB31
Nickname lokit09

Log notice file /var/log/tor/notices.log

DirPort 80
DirPortFrontPage /etc/tor/info.html

ExitRelay 1
IPv6Exit 1
DisableDebuggerAttachment 0
ControlPort 9051
CookieAuthentication 1

# Policy
ExitPolicy accept *:20-21     # FTP, SSH, telnet
ExitPolicy accept *:23        # FTP, SSH, telnet
ExitPolicy accept *:43        # WHOIS
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:79-81     # finger, HTTP
ExitPolicy accept *:88        # kerberos
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:194       # IRC
ExitPolicy accept *:220       # IMAP3
ExitPolicy accept *:389       # LDAP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:464       # kpasswd
ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531       # IRC/AIM
ExitPolicy accept *:543-544   # Kerberos
ExitPolicy accept *:554       # RTSP
ExitPolicy accept *:563       # NNTP over SSL
ExitPolicy accept *:587       # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636       # LDAP over SSL
ExitPolicy accept *:706       # SILC
ExitPolicy accept *:749       # kerberos
ExitPolicy accept *:873       # rsync
ExitPolicy accept *:902-904   # VMware
ExitPolicy accept *:981       # Remote HTTPS management for firewall
ExitPolicy accept *:989-990   # FTP over SSL
ExitPolicy accept *:991       # Netnews Administration System
ExitPolicy accept *:992       # TELNETS
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy accept *:994       # IRCS
ExitPolicy accept *:995       # POP3 over SSL
ExitPolicy accept *:1194      # OpenVPN
ExitPolicy accept *:1220      # QT Server Admin
ExitPolicy accept *:1293      # PKT-KRB-IPSec
ExitPolicy accept *:1500      # VLSI License Manager
ExitPolicy accept *:1533      # Sametime
ExitPolicy accept *:1677      # GroupWise
ExitPolicy accept *:1723      # PPTP
ExitPolicy accept *:1755      # RTSP
ExitPolicy accept *:1863      # MSNP
ExitPolicy accept *:2082      # Infowave Mobility Server
ExitPolicy accept *:2083      # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128      # SQUID
ExitPolicy accept *:3389      # MS WBT
ExitPolicy accept *:3690      # SVN
ExitPolicy accept *:4321      # RWHOIS
ExitPolicy accept *:4643      # Virtuozzo
ExitPolicy accept *:5050      # MMCC
ExitPolicy accept *:5190      # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228      # Android Market
ExitPolicy accept *:5900      # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679      # IRC SSL
ExitPolicy accept *:6697      # IRC SSL
ExitPolicy accept *:8000      # iRDMI
ExitPolicy accept *:8008      # HTTP alternate
ExitPolicy accept *:8074      # Gadu-Gadu
ExitPolicy accept *:8080      # HTTP Proxies
ExitPolicy accept *:8082      # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443      # PCsync HTTPS
ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418      # git
ExitPolicy accept *:9999      # distinct
ExitPolicy accept *:10000     # Network Data Management Protocol
ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294     # Google Voice TCP
ExitPolicy accept *:19638     # Ensim control panel
ExitPolicy accept *:50002     # Electrum Bitcoin SSL
ExitPolicy accept *:64738     # Mumble
ExitPolicy reject *:*
-------------- next part --------------
SocksPort 0
RunAsDaemon 1

ORPort 9001
ORPort [::]:9001

ContactInfo abuse(at)linkspartei(dot)org url:linkspartei.org proof:uri-rsa ciissversion:2 btc:bc1qnskznvxkq63yuqcvp3ppc37hp364n2f08lv46v
MyFamily C2CD35F0766CAE4184F75299186FE8CF1A131E61,58AC93FB66FE2A14A4A7D35C05E6BE41A6C7046B,EDB480C34207BC3D38CD903F475CD4A85659F810,FDAA4F76F778215F02B0B02DCE8E8504179BCDC6,6A0A9C3B3381C89CCB85C64BBCF6942805AA477B,171E93EA1DF7524A87ED272CCE8CF83BCD9BF1BC,F072C8FDA61719777AA3BAB2CDADE416763749F8,4CF97826972A7FDD895B0D020FE56341ED5E5F90,16688DB4CD7B17E2846E9BE90DFCE89456DAE5CB,845BA84EDBC85AD3B1D504089BAE698E9360DCBF,2F9EAEB446302E4A4B6451AC2A8DAB9128FDA7D7,FDE290ACE9C213BE9F7BB7FB288DD9767B6ABB31
Nickname lokit09

Log notice file /var/log/tor/notices.log

DirPort 80
DirPortFrontPage /etc/tor/info.html

ExitRelay 1
IPv6Exit 1
DisableDebuggerAttachment 0
ControlPort 9051
CookieAuthentication 1

# Policy
ExitPolicy accept *:20-21     # FTP, SSH, telnet
ExitPolicy accept *:23        # FTP, SSH, telnet
ExitPolicy accept *:43        # WHOIS
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:79-81     # finger, HTTP
ExitPolicy accept *:88        # kerberos
ExitPolicy accept *:110       # POP3
ExitPolicy accept *:143       # IMAP
ExitPolicy accept *:194       # IRC
ExitPolicy accept *:220       # IMAP3
ExitPolicy accept *:389       # LDAP
ExitPolicy accept *:443       # HTTPS
ExitPolicy accept *:464       # kpasswd
ExitPolicy accept *:465       # URD for SSM (more often: an alternative SUBMISSION port, see 587)
ExitPolicy accept *:531       # IRC/AIM
ExitPolicy accept *:543-544   # Kerberos
ExitPolicy accept *:554       # RTSP
ExitPolicy accept *:563       # NNTP over SSL
ExitPolicy accept *:587       # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)
ExitPolicy accept *:636       # LDAP over SSL
ExitPolicy accept *:706       # SILC
ExitPolicy accept *:749       # kerberos
ExitPolicy accept *:873       # rsync
ExitPolicy accept *:902-904   # VMware
ExitPolicy accept *:981       # Remote HTTPS management for firewall
ExitPolicy accept *:989-990   # FTP over SSL
ExitPolicy accept *:991       # Netnews Administration System
ExitPolicy accept *:992       # TELNETS
ExitPolicy accept *:993       # IMAP over SSL
ExitPolicy accept *:994       # IRCS
ExitPolicy accept *:995       # POP3 over SSL
ExitPolicy accept *:1194      # OpenVPN
ExitPolicy accept *:1220      # QT Server Admin
ExitPolicy accept *:1293      # PKT-KRB-IPSec
ExitPolicy accept *:1500      # VLSI License Manager
ExitPolicy accept *:1533      # Sametime
ExitPolicy accept *:1677      # GroupWise
ExitPolicy accept *:1723      # PPTP
ExitPolicy accept *:1755      # RTSP
ExitPolicy accept *:1863      # MSNP
ExitPolicy accept *:2082      # Infowave Mobility Server
ExitPolicy accept *:2083      # Secure Radius Service (radsec)
ExitPolicy accept *:2086-2087 # GNUnet, ELI
ExitPolicy accept *:2095-2096 # NBX
ExitPolicy accept *:2102-2104 # Zephyr
ExitPolicy accept *:3128      # SQUID
ExitPolicy accept *:3389      # MS WBT
ExitPolicy accept *:3690      # SVN
ExitPolicy accept *:4321      # RWHOIS
ExitPolicy accept *:4643      # Virtuozzo
ExitPolicy accept *:5050      # MMCC
ExitPolicy accept *:5190      # ICQ
ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
ExitPolicy accept *:5228      # Android Market
ExitPolicy accept *:5900      # VNC
ExitPolicy accept *:6660-6669 # IRC
ExitPolicy accept *:6679      # IRC SSL
ExitPolicy accept *:6697      # IRC SSL
ExitPolicy accept *:8000      # iRDMI
ExitPolicy accept *:8008      # HTTP alternate
ExitPolicy accept *:8074      # Gadu-Gadu
ExitPolicy accept *:8080      # HTTP Proxies
ExitPolicy accept *:8082      # HTTPS Electrum Bitcoin port
ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP
ExitPolicy accept *:8332-8333 # Bitcoin
ExitPolicy accept *:8443      # PCsync HTTPS
ExitPolicy accept *:8888      # HTTP Proxies, NewsEDGE
ExitPolicy accept *:9418      # git
ExitPolicy accept *:9999      # distinct
ExitPolicy accept *:10000     # Network Data Management Protocol
ExitPolicy accept *:11371     # OpenPGP hkp (http keyserver protocol)
ExitPolicy accept *:19294     # Google Voice TCP
ExitPolicy accept *:19638     # Ensim control panel
ExitPolicy accept *:50002     # Electrum Bitcoin SSL
ExitPolicy accept *:64738     # Mumble
ExitPolicy reject *:*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3-tor.service
Type: text/x-dbus-service
Size: 1103 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220216/620fed00/attachment-0001.bin>
-------------- next part --------------
Feb 16 07:40:17.650 [notice] Tor 0.4.6.9 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Feb 16 07:40:17.650 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 16 07:40:17.650 [notice] Read configuration file "/etc/tor/torrc".
Feb 16 07:40:17.651 [notice] Processing configuration path "/etc/tor/rc.d" at recursion level 1.
Feb 16 07:40:17.651 [notice] Including configuration file "/etc/tor/rc.d/contact.rc".
Feb 16 07:40:17.651 [notice] Including configuration file "/etc/tor/rc.d/family.rc".
Feb 16 07:40:17.651 [notice] Including configuration file "/etc/tor/rc.d/nickname.rc".
Feb 16 07:40:17.651 [warn] Configuration port ORPort 9001 superseded by ORPort [::]:9001
Feb 16 07:40:17.651 [notice] Based on detected system memory, MaxMemInQueues is set to 732 MB. You can override this by setting MaxMemInQueues by hand.
Feb 16 07:40:17.653 [warn] Configuration port ORPort 9001 superseded by ORPort [::]:9001
Feb 16 07:40:17.653 [notice] Opening Control listener on 127.0.0.1:9051
Feb 16 07:40:17.653 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
Feb 16 07:40:17.653 [notice] Opening OR listener on 0.0.0.0:9001
Feb 16 07:40:17.653 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
Feb 16 07:40:17.653 [notice] Opening OR listener on [::]:9001
Feb 16 07:40:17.653 [notice] Opened OR listener connection (ready) on [::]:9001
Feb 16 07:40:17.653 [notice] Opening Directory listener on 0.0.0.0:80
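
Added example, not part of the original post or its attachments: a shell example of the split described in the message (ContactInfo, MyFamily and Nickname moved into rc.d/ behind %include) and of the cat/sed workaround, showing that both layouts carry the same options and listing the additional paths tor has to open in the %include layout. The function names, the temporary directory and the sample values are constructed for illustration.

```shell
# Added example with constructed data; function names are hypothetical.

# split_torrc SRC DEST: write DEST/torrc and DEST/rc.d/{contact,family,nickname}.rc
split_torrc() {
    src=$1; dest=$2
    mkdir -p "$dest/rc.d"
    grep -E '^ContactInfo[[:space:]]' "$src" > "$dest/rc.d/contact.rc"
    grep -E '^MyFamily[[:space:]]'    "$src" > "$dest/rc.d/family.rc"
    grep -E '^Nickname[[:space:]]'    "$src" > "$dest/rc.d/nickname.rc"
    {
        grep -Ev '^(ContactInfo|MyFamily|Nickname)[[:space:]]' "$src"
        printf '%%include %s/rc.d\n' "$dest"
    } > "$dest/torrc"
}

# flatten_torrc DIR: the post's workaround, written to stdout instead of in place
flatten_torrc() {
    grep -v '^%include' "$1/torrc"
    cat "$1"/rc.d/*
}

# options FILE: option lines only, sorted. Sorting ignores order, acceptable here
# because only order-independent options move; ExitPolicy order does matter.
options() { grep -Ev '^[[:space:]]*(#|$)' "$1" | sort; }
same_options() { [ "$(options "$1")" = "$(options "$2")" ]; }

# include_paths DIR: every path tor must be able to open for the split layout
include_paths() {
    printf '%s\n' "$1/torrc" "$1/rc.d"
    for f in "$1"/rc.d/*; do printf '%s\n' "$f"; done
}

demo() {
    work=$(mktemp -d)
    cat > "$work/orig" <<'EOF'
SocksPort 0
ContactInfo operator(at)example(dot)org
MyFamily 0000000000000000000000000000000000000001,0000000000000000000000000000000000000002
Nickname examplerelay
ExitPolicy reject *:*
EOF
    split_torrc "$work/orig" "$work/etc"
    flatten_torrc "$work/etc" > "$work/flat"
    same_options "$work/orig" "$work/flat" && echo "option set unchanged"
    include_paths "$work/etc"
    rm -rf "$work"
}
demo
```

On the relay, each path printed by include_paths can be tested for access as the service account, for example with `sudo -u debian-tor test -r PATH`, and the whole file parsed as that account with `tor --verify-config -f /etc/tor/torrc`.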
