I'm back in business!!!! THANK YOU!!
So I changed a couple of ports and also opened those on my router. Previously I only had 9030 & 9001. I've added DirPort on 9051, Socks on 9050. I've actually got 4 ports open on the router for TOR - 9001, 9030, 9050 & 9051.
I set 9030 as my control port in torrc - does that port need to be open on the router? Or can I remove that port forward? I have one of the authentication methods unhashed, so I believe that protects that somewhat.
netstat -tlpn returns the following:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9051            0.0.0.0:*               LISTEN      9531/tor
tcp        0      0 127.0.0.1:9030          0.0.0.0:*               LISTEN      9531/tor
tcp        0      0 0.0.0.0:9001            0.0.0.0:*               LISTEN      9531/tor
tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      1342/teamviewerd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      747/systemd-resolve
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      6055/cupsd
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      9531/tor
tcp6       0      0 ::1:631                 :::*                    LISTEN      6055/cupsd
nyx appears to be running fine now. I can see the graph and log messages like previously. It pulled my previous Nickname, but I currently have no flags, so I'm guessing that will update later.
I've got the exit policy set to reject *:* however, as I don't want to blow my ISP off.
Is that about it? Can anyone think of anything else I need to check?
Thank you to everyone who offered solutions!
On Thu, Sep 20, 2018 at 4:19 AM Chad MILLER chad@cornsilk.net wrote:
I maintain the tor-middle-relay Snap package. It listens on system-chosen, arbitrary ports. May be useful to you, itself, or to steal ideas from.
$ sudo snap install tor-middle-relay
On Wed, Sep 19, 2018, 04:56 Ben Riley blades1000@gmail.com wrote:
First off, will outline that I am very much a newbie, but was able to get a relay up and running on an Ubuntu machine. It was running fine for maybe 12 months (MelbTorBox), with a few resets and software updates along the way.
Just doing my bit to help the network.
Anyway, after the Ubuntu upgrade, I had to re-install TOR and I believed I did it basically the same way.
Unfortunately, that appears not to be the case. I've posted the error messages on the Ubuntu forum hoping to get assistance, but no joy:
https://askubuntu.com/questions/1070469/18-04-tor-relay-error-could-not-bind...
I'm now coming to the experts to see if I can resurrect the relay before I pull the pin on the idea.
I have BASIC Unix knowledge (I can type commands and that's about it). I think I might have a couple of copies installed in different places and I know I have the TOR browser installed (it works fine).
When I type 'nyx' it replies with: Unable to connect to tor. Maybe it's running without a ControlPort?
So I type 'tor' and get
Sep 19 21:34:24.819 [notice] Tor 0.3.4.8 (git-5da0e95e4871a0a1) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3.
Sep 19 21:34:24.819 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 19 21:34:24.819 [notice] Read configuration file "/etc/tor/torrc".
Sep 19 21:34:24.823 [notice] Based on detected system memory, MaxMemInQueues is set to 2862 MB. You can override this by setting MaxMemInQueues by hand.
Sep 19 21:34:24.824 [notice] Scheduler type KIST has been enabled.
Sep 19 21:34:24.824 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 19 21:34:24.824 [notice] Opening Control listener on 127.0.0.1:9051
Sep 19 21:34:24.824 [notice] Opening OR listener on 0.0.0.0:9001
Sep 19 21:34:24.824 [notice] Opening Directory listener on 0.0.0.0:9050
Sep 19 21:34:24.824 [warn] Could not bind to 0.0.0.0:9050: Address already in use. Is Tor already running?
Sep 19 21:34:24.824 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
Sep 19 21:34:24.824 [notice] Closing partially-constructed Control listener on 127.0.0.1:9051
Sep 19 21:34:24.824 [notice] Closing partially-constructed OR listener on 0.0.0.0:9001
Sep 19 21:34:24.824 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Sep 19 21:34:24.824 [err] Reading config failed--see warnings above.
I 'think' my original torrc file may have somehow survived the Ubuntu upgrade, but I don't know how as I did a wipe and re-install of Ubuntu. But when I edited it, there were my contact details sitting there.
Very appreciative of any help!
Thanks Ben.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
On 20/09/2018 10:37, Ben Riley wrote:
... I've actually got 4 ports open on the router for TOR - 9001, 9030, 9050 & 9051.
I set 9030 as my control port in torrc - does that port need to be open on the router? ...
You probably don't need or want either the control port or the SOCKS port open on the router.
The control port is normally used to allow "front end" software like Vidalia to connect to the node and get diagnostic information, change some configuration settings, tell it to do things like build a new circuit, etc. so it only needs to be accessible to machines from which you want to manage the node in this way. If, for some reason, you did want to manage the node over the internet, I would recommend keeping the port blocked on the router anyway and tunnelling it through an SSH connection to the server.
The SOCKS port is used to tunnel connections through Tor, either directly from software that supports SOCKS, via a wrapper such as socksify or torify or through a proxy server like Privoxy. Again, that only needs to be accessible to machines from which you want to "use" Tor. Again, if you want to use your node as a "gateway" into Tor from elsewhere, you should tunnel the port over SSH.
Hope this helps, Stephen
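The advice above can be checked against the netstat output posted earlier in the thread. The following is an added example, not part of any message in this thread: it parses `netstat -tlpn` rows, finds which tor listeners are loopback-only, and reports which router forwards should stay. The port-to-role map and the forwarded-port list are assumptions taken from Ben's description; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: tor-related rows from the netstat output in the thread.
NETSTAT = """\
tcp 0 0 0.0.0.0:9051 0.0.0.0:* LISTEN 9531/tor
tcp 0 0 127.0.0.1:9030 0.0.0.0:* LISTEN 9531/tor
tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 9531/tor
tcp 0 0 127.0.0.1:5939 0.0.0.0:* LISTEN 1342/teamviewerd
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 9531/tor
tcp6 0 0 ::1:631 :::* LISTEN 6055/cupsd
"""
# Assumed from the thread: which torrc option each port was given.
ROLES = {9001: "ORPort", 9051: "DirPort", 9030: "ControlPort", 9050: "SocksPort"}
FORWARDED = [9001, 9030, 9050, 9051]     # ports opened on the router
PUBLIC_ROLES = {"ORPort", "DirPort"}     # ports a relay is meant to expose

def tor_listeners(netstat_text, program="tor"):
    """Return {port: True if every listener on it is loopback-only}."""
    out = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN" or f[6].split("/", 1)[-1] != program:
            continue
        host, _, port = f[3].rpartition(":")   # handles "::1:631" and ":::9001"
        loopback = ipaddress.ip_address(host).is_loopback
        out[int(port)] = out.get(int(port), True) and loopback
    return out

def audit(listeners, roles, forwarded):
    """Return {port: (verdict, detail)} for each router port forward."""
    findings = {}
    for port in forwarded:
        role = roles.get(port, "unknown")
        if port not in listeners:
            findings[port] = ("orphan", "no tor listener behind this forward")
        elif listeners[port]:
            # Bound to 127.0.0.1/::1: traffic arriving via the router cannot reach it.
            findings[port] = ("remove", f"{role} is loopback-only, forward does nothing")
        elif role in PUBLIC_ROLES:
            findings[port] = ("keep", f"{role} must be reachable from the internet")
        else:
            findings[port] = ("exposed", f"{role} listens on all interfaces and is forwarded")
    return findings

if __name__ == "__main__":
    for port, (verdict, detail) in sorted(audit(tor_listeners(NETSTAT), ROLES, FORWARDED).items()):
        print(f"{port:5d}  {verdict:8s} {detail}")
```

With the sample rows, the forwards for 9030 and 9050 come back as "remove" and those for 9001 and 9051 as "keep"; a ControlPort or SocksPort bound to 0.0.0.0 would be reported as "exposed".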
Thanks Stephen, I've closed both the Control Port 9030 & Socks Port 9050 on the router - thanks for the advice.
Should I be concerned that I'm getting almost no traffic still after uptime of 3 days? I know sometimes it takes a little while for the relay to get 'established' and start seeing some decent traffic, but I don't remember it taking this long last time. Currently have 3 flags: Running, V2Dir, Valid.
Bandwidth limit is set to 700 KB/s & 800 KB/s (burst). Getting a little burst of traffic for 1 second every 10 seconds or so, but only a couple hundred bytes? Nyx is saying avg is 531.2 B/sec - yeah that's bytes..... Log updates for the past 12 hrs or so:
19:17:56 [NOTICE] DoS mitigation since startup: 0 circuits killed with too many cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. [3 duplicates hidden]
19:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 66 v4 connections; and received 103 v1 connections, 101 v2 connections, 399 v3 connections, and 260 v4 connections.
19:17:56 [NOTICE] Circuit handshake stats since last time: 11/11 TAP, 0/0 NTor.
19:17:56 [NOTICE] Heartbeat: Tor's uptime is 2 days 23:59 hours, with 3 circuits open. I've sent 82.83 MB and received 132.06 MB. [3 duplicates hidden]
13:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 65 v4 connections; and received 93 v1 connections, 92 v2 connections, 398 v3 connections, and 238 v4 connections.
13:17:56 [NOTICE] Circuit handshake stats since last time: 12/12 TAP, 0/0 NTor.
07:39:27 [WARN] Malformed IP "(null)" in address pattern; rejecting.
07:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 56 v4 connections; and received 76 v1 connections, 87 v2 connections, 38 v3 connections, and 213 v4 connections.
07:17:56 [NOTICE] Circuit handshake stats since last time: 18/18 TAP, 0/0 NTor.
01:17:56 [NOTICE] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 47 v4 connections; and received 64 v1 connections, 80 v2 connections, 25 v3 connections, and 181 v4 connections.
On Fri, Sep 21, 2018 at 7:23 AM Stephen Mollett molletts@yahoo.com wrote:
Hi,
On 20/09/2018 10:37, Ben Riley wrote:
... I've actually got 4 ports open on the router for TOR - 9001, 9030, 9050 & 9051.
I set 9030 as my control port in torrc - does that port need to be open on the router? ...
You probably don't need or want either the control port or the SOCKS port open on the router.
The control port is normally used to allow "front end" software like Vidalia to connect to the node and get diagnostic information, change some configuration settings, tell it to do things like build a new circuit, etc. so it only needs to be accessible to machines from which you want to manage the node in this way. If, for some reason, you did want to manage the node over the internet, I would recommend keeping the port blocked on the router anyway and tunnelling it through an SSH connection to the server.
The SOCKS port is used to tunnel connections through Tor, either directly from software that supports SOCKS, via a wrapper such as socksify or torify or through a proxy server like Privoxy. Again, that only needs to be accessible to machines from which you want to "use" Tor. Again, if you want to use your node as a "gateway" into Tor from elsewhere, you should tunnel the port over SSH.
Hope this helps, Stephen