Hi, I'm still trying to run a tor delay. Here's the error:
Your server (81.10.248.112:80) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
But canyouseeme.org said: Your ISP is not blocking port 80
Whats's wrong?
Thanks
Peter
Have you double-checked your firewall?
-Cody
On 03/02/2018 11:27 AM, peter.zehetner@liwest.at wrote:
Hi, I'm still trying to run a tor delay. Here's the error:
Your server (81.10.248.112:80) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
But canyouseeme.org said: Your ISP is not blocking port 80
Whats's wrong?
Thanks
Peter
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Mar 02, 2018 at 08:27:29PM +0100, peter.zehetner@liwest.at wrote:
Hi, I'm still trying to run a tor delay. Here's the error:
Thank you for running a relay.
Your server (81.10.248.112:80) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable.
I do not see port 80 open, either:
$ torsocks nc -v 81.10.248.112 80 Ncat: Version 7.40 ( https://nmap.org/ncat ) Ncat: Connection timed out.
But canyouseeme.org said: Your ISP is not blocking port 80
Maybe "not blocking" does not mean "is open".
Are you running this relay at your home? If yes, then that is not recommended, but you may need to allow port 80 on your firewall/router. You may need to use port forwarding or add your computer into the DMZ (if your router supports this).
If you're not running this relay from home, is the server directly connected to the Internet or is there a router/switch/blackbox in the middle?
Whats's wrong?
Thanks
Peter
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Fri, Mar 02, 2018 at 07:42:11PM +0000, Matthew Finkel wrote:
Are you running this relay at your home? If yes, then that is not recommended, but
For the record, it's running *exit* relays at home that is not recommended. Running non-exit relays at home is typically fine -- the most likely problems are that some overzealous blacklist will put your IP address on their list, making some websites not work so well for you if you also use that IP address for your own traffic. Some of these overzealous blacklists are just being stupid, because they don't understand about exit policies: https://www.torproject.org/docs/faq#ExitPolicies but others of them are intentionally trying to harm people who are trying to support Tor: http://paulgraham.com/spamhausblacklist.html
But back to the original thread here: some residential ISPs filter incoming port 80 for all of their customers, to make it hard for you to run a website at home unless you upgrade to the version of their service with the word 'business' in its name. So if 80 isn't working, and you can't figure out why, one of your debugging steps should be "see if a different port works better".
--Roger
On Fri, Mar 02, 2018 at 03:01:31PM -0500, Roger Dingledine wrote:
On Fri, Mar 02, 2018 at 07:42:11PM +0000, Matthew Finkel wrote:
Are you running this relay at your home? If yes, then that is not recommended, but
For the record, it's running *exit* relays at home that is not recommended. Running non-exit relays at home is typically fine -- the most likely problems are that some overzealous blacklist will put your IP address on their list, making some websites not work so well for you if you also use that IP address for your own traffic. Some of these overzealous blacklists are just being stupid, because they don't understand about exit policies: https://www.torproject.org/docs/faq#ExitPolicies but others of them are intentionally trying to harm people who are trying to support Tor: http://paulgraham.com/spamhausblacklist.html
Just for the record, this is exactly why I don't recommend it from my exerience. I lost access to my bank's website (plus some other sites) for a while because I did this. It's must less risky running a non-exit than running an exit, but there may be unintended side effects that make the experience less fun overall for the operator.
Matthew Finkel:
On Fri, Mar 02, 2018 at 03:01:31PM -0500, Roger Dingledine wrote:
On Fri, Mar 02, 2018 at 07:42:11PM +0000, Matthew Finkel wrote:
Are you running this relay at your home? If yes, then that is not recommended, but
For the record, it's running *exit* relays at home that is not recommended. Running non-exit relays at home is typically fine -- the most likely problems are that some overzealous blacklist will put your IP address on their list, making some websites not work so well for you if you also use that IP address for your own traffic. Some of these overzealous blacklists are just being stupid, because they don't understand about exit policies: https://www.torproject.org/docs/faq#ExitPolicies but others of them are intentionally trying to harm people who are trying to support Tor: http://paulgraham.com/spamhausblacklist.html
Just for the record, this is exactly why I don't recommend it from my exerience. I lost access to my bank's website (plus some other sites) for a while because I did this. It's must less risky running a non-exit than running an exit, but there may be unintended side effects that make the experience less fun overall for the operator.
+1 on that.
With the direction things are moving (. . .), I tend to think avoiding the possibility of residential IPs being blacklisted is a smart move. Run a bridge at home, and install a pluggable transport.
I was first aware of non-exit Tor IPs being blacklisted by a bank several years ago in Latin America... in a country which, at that point, had few relays.
It's good node operator practices IMHO. Being blacklisted on a residential connection is a bad gateway into the relay operator club.
g
On Friday, March 2, 2018 2:22:00 PM CST George wrote:
Matthew Finkel:
On Fri, Mar 02, 2018 at 03:01:31PM -0500, Roger Dingledine wrote:
On Fri, Mar 02, 2018 at 07:42:11PM +0000, Matthew Finkel wrote:
Are you running this relay at your home? If yes, then that is not recommended, but
For the record, it's running *exit* relays at home that is not recommended. Running non-exit relays at home is typically fine -- the most likely problems are that some overzealous blacklist will put your IP address on their list, making some websites not work so well for you if you also use that IP address for your own traffic. Some of these overzealous blacklists are just being stupid, because they don't understand about exit policies: https://www.torproject.org/docs/faq#ExitPolicies but others of them are intentionally trying to harm people who are trying to support Tor: http://paulgraham.com/spamhausblacklist.html
Just for the record, this is exactly why I don't recommend it from my exerience. I lost access to my bank's website (plus some other sites) for a while because I did this. It's must less risky running a non-exit than running an exit, but there may be unintended side effects that make the experience less fun overall for the operator.
+1 on that.
With the direction things are moving (. . .), I tend to think avoiding the possibility of residential IPs being blacklisted is a smart move. Run a bridge at home, and install a pluggable transport.
I was first aware of non-exit Tor IPs being blacklisted by a bank several years ago in Latin America... in a country which, at that point, had few relays.
It's good node operator practices IMHO. Being blacklisted on a residential connection is a bad gateway into the relay operator club.
g
Other than running a bridge at home, if you would like to run a relay or exit, there are many VPS providers or even present Relay operators that operate their own private clouds that will be more than willing to let you run tor on a VPS or VM for a small monthly fee.
Also, once I'm done with the final stage of a project I'm working on,, several of us on this list are going to start working on the reboot of the AWS relay project, which takes advantage of the AWS free tier rules. You could look into running a relay on AWS and making sure your relay only runs within the free tier rules, but make sure you only run a relay on AWS and not an exit.
Regards,
Conrad
tor-relays@lists.torproject.org
-
Cody Logan -
Conrad Rockenhaus -
George -
Matthew Finkel -
peter.zehetner@liwest.at -
Roger Dingledine