On 2013-10-20 10:35, zwiebel@quantentunnel.de wrote:
Oct 20 07:32:08.290 [Notice] Now checking whether ORPort x.x.x.102:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
...
Oct 20 07:52:07.025 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Oct 20 08:12:07.639 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
...
Now I open 9001 udp at the DSL router ...
Oct 20 08:31:04.223 [Notice] Our directory information is no longer up-to-date enough to build circuits: We have no usable consensus.
Oct 20 08:31:04.400 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Oct 20 08:31:04.424 [Notice] Now checking whether ORPort x.x.x.x:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 20 08:31:07.088 [Notice] We now have enough directory information to build circuits.
:)
Your client is working, but you still miss the following:
'Self-testing indicates your ORPort is reachable from the outside. Excellent.'
In the past I tried several things and found that someone else did the following (! start page !): he says to use 9001 UDP for his Pi, so I tried it for Tails and it works. I expected not to need UDP. The question is why?
There is definitely no need to enable port 9001 UDP for Tor!
Interesting: we both use the well-known German Fritz!Box DSL router. The German site [http://www.webstimme.de/2013/08/23/raspberry-pi-als-tor-relay-betreiben-howt...] says under "Open ports in the router firewall":
- You must open the following ports for TOR on your router (TCP and UDP each):
Default: ORPort 9001 / Default: DirPort 9030
Only TCP is required! Fritz!Box DSL router works well with Tor but if Tor has many circuits open, you have to reboot the box every week or so.
Can you print your 'torrc' and the output of '/sbin/iptables -L -nv'?
Hi Tschador, here some more:
Only TCP is required! Fritz!Box DSL router works well with Tor but if Tor has many circuits open, you have to reboot the box every week or so.
Can you print your 'torrc' and the output of '/sbin/iptables -L -nv'?
Please find the listings http pastebin.com/43GZ1h5F
Your client is working, but you still miss the following:
'Self-testing indicates your ORPort is reachable from the outside. Excellent.'
My Fritz Box is open on 9001 tcp AND udp
Start computer
Vidalia/Tor comes up
-> See AFTER BOOT listings
Manually added by iptables 9001 tcp
Settings change in Vidalia relay non-exit, nickname, bandwidth 20kB/25kB
Oct 20 10:29:51.481 [Notice] Opening OR listener on 0.0.0.0:9001
Oct 20 10:29:51.481 [Notice] Your Tor server's identity key fingerprint is '.. bla bla ..'
Oct 20 10:29:51.503 [Notice] Now checking whether ORPort x.x.x.x:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
...
Oct 20 10:49:50.394 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
...
Oct 20 11:09:50.856 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
...
Oct 20 11:29:50.398 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
...
Oct 20 11:31:04.446 [Notice] Our directory information is no longer up-to-date enough to build circuits: We have no usable consensus.
Oct 20 11:31:07.351 [Notice] We now have enough directory information to build circuits.
Oct 20 11:31:09.935 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Oct 20 11:31:09.960 [Notice] Now checking whether ORPort x.x.x.x:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Oct 20 11:31:26.731 [Notice] We'd like to launch a circuit to handle a connection, but we already have 32 general-purpose client circuits pending. Waiting until some finish.
Oct 20 11:32:12.154 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Oct 20 11:32:14.835 [Notice] Performing bandwidth self-test...done.
-> See AFTER ESTABLISHED listings
The *reachable from the outside* notice came each time in the past, but I did not post it in my last mail. To be sure, I redid everything.
My default LAN net is 192.168.178.0 and not the 192.168.0.0 that Tails assumes. Could this have an impact?
Thanks, Zwiebel
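A small log checker, added here as an example and not code from the thread or from the Tor project: it walks Tor notice/warning lines like the ones quoted above and reports whether the relay got past "client functionality is working" to "ORPort is reachable", how many 20-minute self-tests failed first, and how long the successful self-test took. The sample log is constructed from the excerpt above; the year 2013 is an assumption, since Tor's log lines omit it.

```python
import re
from datetime import datetime

# Constructed sample, condensed from the relay log excerpt quoted in the thread.
SAMPLE_LOG = """\
Oct 20 10:29:51.503 [Notice] Now checking whether ORPort x.x.x.x:9001 is reachable... (this may take up to 20 minutes)
Oct 20 10:49:50.394 [Warning] Your server (x.x.x.x:9001) has not managed to confirm that its ORPort is reachable.
Oct 20 11:31:09.935 [Notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Oct 20 11:31:09.960 [Notice] Now checking whether ORPort x.x.x.x:9001 is reachable... (this may take up to 20 minutes)
Oct 20 11:32:12.154 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
"""
# Tor's default log line is "Mon DD HH:MM:SS.mmm [Level] message" with no year.
LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[(?P<lvl>\w+)\] (?P<msg>.*)$")
EVENTS = [
    ("check_started", re.compile(r"Now checking whether ORPort (?P<addr>\S+) is reachable")),
    ("not_confirmed", re.compile(r"has not managed to confirm that its ORPort is reachable")),
    ("reachable", re.compile(r"Self-testing indicates your ORPort is reachable")),
    ("client_ok", re.compile(r"Looks like client functionality is working")),
]

def analyze(log_text, year=2013):
    """Walk the log in order and summarise the ORPort self-test state (year is assumed)."""
    st = {"orport": None, "client_ok": False, "orport_reachable": False,
          "failed_checks": 0, "last_check": None, "confirm_seconds": None}
    for line in log_text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue  # not a Tor log record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        for name, pat in EVENTS:
            if not (em := pat.search(m["msg"])):
                continue
            if name == "check_started":  # a new 20-minute self-test window opens
                st["last_check"], st["orport"] = ts, em["addr"]
            elif name == "not_confirmed":
                st["failed_checks"] += 1
            elif name == "reachable":
                st["orport_reachable"] = True
                if st["last_check"] is not None:
                    st["confirm_seconds"] = (ts - st["last_check"]).total_seconds()
            else:
                st["client_ok"] = True
            break
    return st

def verdict(st):
    if st["orport_reachable"]:
        return "relay OK: ORPort %s confirmed reachable" % st["orport"]
    if st["client_ok"]:
        return "client OK, ORPort not confirmed: check inbound TCP to the ORPort (UDP is not needed)"
    return "no circuits yet: check outbound connectivity and consensus download"
```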
On 2013-10-20 14:00, zwiebel@quantentunnel.de wrote:
Please find the listings http pastebin.com/43GZ1h5F
The relevant rules:
------------
Chain INPUT (policy DROP 1062 packets, 82154 bytes)
 pkts bytes target     prot opt in     out     source               destination
14270   12M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   49  2892 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9001

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
12638 5321K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  142  8579 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 104
------------
Looks ok. UID 104 is Tor, right? ('sudo ps anux|grep /usr/sbin/tor')
My Fritz Box is open on 9001 tcp AND udp
One rule (TCP/UDP) or two separate rules for each protocol?
Which model number is your Fritz!Box? I've never had to open UDP for Tor, neither in the 3131, 7170 nor 7390.
My default LAN net is 192.168.178.0 and not the 192.168.0.0 that Tails assumes. Could this have an impact?
It doesn't matter. 192.168.0.0/16 includes the network 192.168.178.0
Hi Tschador
Looks ok. UID 104 is Tor, right? ('sudo ps anux|grep /usr/sbin/tor')
Computer is off. But I will check on one of the next runs whether the UID position is the same.
My Fritz Box is open on 9001 tcp AND udp
One rule (TCP/UDP) or two separate rules for each protocol?
Two separate rules.
Which model number is your Fritz!Box? I've never had to open UDP for Tor, neither in the 3131, 7170 nor 7390.
Mine is a 3170. NEW: In my museum there is still a 2170. Why not try *this*? I did, and look at that! All works with just 9001 TCP and NO UDP. This is good. I'll go check the 3170 and reinstall the original firmware, as I changed the original settings for DNS override 1 with CCC DNS and 2 with 8888 so as not to use the ISP DNS. If something interesting turns out I will reshoot this thread.
Thanks for help and time. Was brilliant.
Zwiebel
On 2013-10-20 20:18, zwiebel@quantentunnel.de wrote:
Mine is a 3170. NEW: In my museum there is still a 2170. Why not try *this*? I did, and look at that! All works with just 9001 TCP and NO UDP. This is good.
Fine. In the meantime my DSL router has been replaced by a simple DSL modem + Raspberry Pi. (Firewall, Tor bridge, web, Mumble, DHCP and DNS server + WLAN AP - all in one!)
I'll go check the 3170 and reinstall the original firmware, as I changed the original settings for DNS override 1 with CCC DNS and 2 with 8888 so as not to use the ISP DNS.
Google-DNS (8.8.8.8/8.8.8.4) - ugh ...
On all my computers I use uncensored[1] DNS servers, with the chain:
--> dnsmasq --> ttdnsd[2] --> Tor --> DNS server
So my ISP doesn't see DNS queries anymore. :)
If something interesting turns out I will reshoot this thread.
You're welcome. Good luck!
[1] http://www.privacyfoundation.ch/de/service/server.html
[2] https://gitweb.torproject.org/ioerror/ttdnsd.git
tor-relays@lists.torproject.org