IRC Archive / Oftc / #tor / 2010 / February / 11 / 1
nsa
or: Sebastian Hahn <sebastian@torproject.org>: 2010-02-07 04:18:50 [tor/master]: Add Windows version detection for Vista and 7
amazon10x
hello
i have vidalia running on linux, and i'm trying to get it to relay. i have the proper log messages "orport reachable" "dirport reachable" and the bandwidth self-test, but my node doesn't get listed in the directories
BarkerJr
it can take up to 4 hours
phobos
z3r0: what do you need help with?
amazon10x
BarkerJr: i've had it sitting here for several hours
and i've tried restarting it
BarkerJr
what'd you name it?
amazon10x
kentcommandcenter
129.2.235.246:9001 6DFC470C4A96B6F341E16ADCD345930C9DCA82B0
phobos
how long has it been up and reachable?
amazon10x
i think i set it up at 4 AM and it's 6PM now. so 14 hours
         

Schiz0
I'm trying to setup a Tor relay behind a strict firewall. I think I configured everything correctly. The logs show I'm connectable from the outside. netstat shows I have about 7 connects on the ip and port that tor is running on. However, my bandwidth monitor shows that I'm transferring about 1 KBps of data...
I have the incoming port (the one tor is listening on) open in my firewall. I also have the following ports open for OUTGOING traffic: 80 443 9001 9030 (i want to be a relay only, not an exit node)
Am I missing something to get it working? It's been running for 30-40 minutes now with no network traffic
mikeperry
it takes between 1-4 hours for clients to see your relay to use it at all. it takes another few hours for it to get a good bandwidth value in its descriptor for other nodes to choose it
Schiz0
Ahh, ok
mikeperry
err other clients to choose it
Schiz0
I thought something like 10 min would be enough
mikeperry
however, if you can, you want to open up that firewall to allow more outgoing ports
not all tor relays run on those ports
which means clients are going to try to use your relay to connect to other nodes, but fail
Schiz0
What other ports would you recommend? (It would be ports that only other relays listen on, right? Since I have a deny-all exit policy)
mikeperry
they are resilient to this failure, but it's not a great property to only connect to some of the network
Schiz0
Thanks for the help. I'll see if I can get the netadmin to open up more ports for me
mikeperry
it does look like the most common ports are 9001, 443, 80, and 444
that gets you connectivity to 1391/1545 nodes
the problem is that the rest of the ports are pretty random
and all have <= 7 nodes each or so
Schiz0
ah
nsa
or: Andrew Lewman <andrew@torproject.org>: 2010-02-11 03:50:23 [tor/master]: updated win32 build instructions with new mingw and msys versions.
or: Nick Mathewson <nickm@torproject.org>: 2010-02-11 05:24:23 [tor/master]: Clean up whitespace
or: Andrew Lewman <andrew@torproject.org>: 2010-02-11 02:44:19 [tor/master]: clean up the documentation, break out sections for osx compiles.
MJ94
Hi
I'm worried about security
so I use tor + mibbit
but I want my ip to change, and it won't.
how do I get it to?
atagar
in vidalia there's a 'change identity' button
MJ94
then do I have to stop tor?
then restart?
Runa
:)
nsa
or: pootle committed revision 21618 (/translation/trunk/projects/website/nl/docs): Commit from The Tor Translation Portal by user Infinity. 7 of 35 messages translated (0 fuzzy).
or: pootle committed revision 21619 (/translation/trunk/projects/website/nl): Commit from The Tor Translation Portal by user Infinity. 65 of 67 messages translated (0 fuzzy).
MikeChen
Hello?
Can somebody help me on setting up tor relay?
atagar_work
no patience...
chen: if you have a question it's best to ask - if someone's available they'll answer
chen
sorry. first time for irc.
i setup in torrc file for relay. but it seems tor can not be connected.
it complains that my ORPort is unreachable.
         

echelon
did you setup the port forward?
chen
port forward? it's a server, no firewall.
does a public server need port forward?
atagar_work
chen: it's your router, not firewall. That message means you can't be contacted from the outside so you either need UPnP or (preferably) port forwarding
if you're running via vidalia it'll attempt to automatically use UPnP but it might not be enabled on your router
chen
how exactly do i need to do?
atagar_work
are you running via vidalia?
chen
sorry. i don't have GUI installed. so no vidalia.
atagar_work
ahhh, ok
in that case you need to check your router's instructions for how to change the settings (usually by directing a browser to the gateway address)
chen
what's weird is that ORListenAddress and DirListenAddress can be accessed.
Sebastian_
chen: maybe you can paste your torrc?
I'm sure we can help.
chen
sure.
Sebastian_
paste.debian.net
chen
http://paste.debian.net/59565/
atagar_work
Sebastian_: I've been thinking about looking into including UPnP support in arm for cases where port forwarding and guis aren't an option but there's been some discussion about including it in tor itself - do you know if that's really gonna happen?
chen
the actual server ip address is 173.212.221.150.
Sebastian_
chen: I think your problem is that you setup a different port in ListenAddress than in OrPort.
Why did you do that?
atagar_work: I think it will probably be included, even though I'm totally unhappy with that ;)
chen
I don't know. Probably i just want to change port to different port from defaults.
Sebastian_
chen: You shouldn't change options unless you understand what they do :)
chen
i see what's wrong. i'll change it and try again. thx.
atagar_work
Sebastian_: agreed that it should be discouraged but there's cases where port forwarding's a no go... quite a few in fact :(
chen
thx.
Sebastian_
chen: just removing the *ListenAddress lines should do it.
chen: also your ExitPolicy lines are weird
sid77
speaking of UPnP, isn't there a command line utility to issue UPnP requests? I'd like to port something over to the iphone
Sebastian_
chen: oh, no. I overlooked the #
your policy is fine.
sorry.
chen
thank you guys. it works now.
Sebastian_
awesome!
thank you for running a relay
we really appreciate it.
chen
sure. i just don't wanna waste my bandwidth, while i use tor myself. bye.
echelon
enjoy getting blacklisted
Sebastian
echelon: exactly what role is it you're fulfilling here?
echelon
:/
KOLMAS
Torbutton disables plugins and other options but is not acting as an http proxy right?
echelon
right
it sets the proxy settings for privoxy or polipo
KOLMAS
ok thank you echelon :)
echelon
:)
waltman
atagar_work: I found a bug in arm this morning. If you specify ORListenAddress, it should use that port to determine inbound connections, not ORPort.
I realized last night that I could tell the outside world my bridge is on 443, but have my router send it to have a high port and have tor listen to that with ORListenAddress.
That lets me use accounting, but it breaks arm.
xxkimlo
hello
i have connection problems, when i use xchat with torsocks, always say like: no more connections allowed from your host
is tor banned?
i used oftc.net and freenode, both the same problem
Runa
xxkimlo: some of the exit nodes might be banned, yes
danieldg
I think freenode forces tor users to have an account and use their hidden service
xxkimlo
so what is the solution?
Runa
danieldg: yeah, you need to sign up for an account with GPG and stuff
xxkimlo
to use xchat with tor?
Runa
xxkimlo: try other exit nodes, I guess
xxkimlo
hoe to get them?
how
and then change the torrc file?
it's a lot of work to try all the exit nodes?
Runa
xxkimlo: windows or linux, btw?
xxkimlo
linux
Runa
you can set the exit node in the torrc file, yes, but I don't know which nodes will enable you to connect to freenode
atagar_work
waltman: Thanks! I'll look into it this weekend.
just to make sure I understand - repro is simply to set a ORListenAddress and the failure is obvious - right?
waltman
It doesn't die, but it thinks all the inbound connections on port 9090 (or whatever it is) are outbound.
I was wondering why I had so many outbound connections without any inbound. Then I noticed the ports.
atagar_work
ah, gotcha - easy fix ;)
xkimjo
hi
i was disconnected
i am xxkimlo
so i have a question
i found that there are more possibilities to torify traffic:
1. using proxy SOCKS
2. with torsocks and other tools
Runa
mhm
xkimjo
3. to torify the user with iptables
so which of these is the securest way?
cheako
I asked previously, but let me try again.
FeasibilityStudy
anyone know of any .onion xmpp servers?
cheako
If every port on a tor relay is available, how should the port mappings be done? Assume there is only one address, even though there could be more.
How does this look in a config file, options listed multiple times or separate the ports with spaces?
Runa
xkimjo: good question, I'm not sure if there's a difference
cheako
Are OR ports preferred over Dir?
Runa
cheako: you could try the mailing list as well :)
cheako
Can Dir be optional in cases where upstream B/W is precious?
Sebastian
cheako: Tor only listens on one OrPort and one DirPort per Tor process.
There's currently no way to change that.
DirPort is entirely optional.
cheako
Sebastian: Actually, iptables redirect.
Sebastian
Simply don't specify it if you don't want it.
cheako: Tor has no way to tell the network that it listens on more than one Tor
so even if you redirect everything into Tor, that doesn't help.
erm
on more than one port.
xkimjo
or the strongest, or the more anonymity..Runa:
cheako
Yes, I'd assumed it would be a waste of database directories to simply listen on every port.
xkimjo
Runa: but there is a problem for me to understand
Runa
oh?
cheako
Should I run multiple instances? What about rate-limiting in that case?
Sebastian
cheako: you're limited to two instances per IP address.
rate limiting applies per process
xkimjo
for example: when i use pidgin with torsocks o.k. then
i let the proxy configuration clean and it works with tor, true Runa?
cheako
Alright, I can live with that. What two ports should I listen on? How would I know if I should change these ports?
Runa
xkimjo: not sure what you mean. Which option, of the ones you listed, are you thinking about?
xkimjo
Runa: you know pidgin
Runa
xkimjo: you want to use pidgin with tor?
cheako
Hmm, to make things easy should I just listen on 995 pop3-ssl?
xkimjo
there is the possibility to change the proxy configuration, SOCKS HTTP, or direct connection and so on, right?
Runa
xkimjo: don't know
Sebastian
cheako: listening on 80 and 443 with your orports would be excellent
xkimjo
Runa: i take a direct connection in Pidgin, and use pidgin with torsocks, to torify it right?
FeasibilityStudy
I want to run a relay but I don't want to be harassed either
Runa
xkimjo: I haven't set up pidgin with tor before, but I imagine there are options for proxy configuration as well
xkimjo
Runa: yes there are :)
cheako
Sebastian: Thank you, I just may.
xkimjo
believe me
Sebastian
FeasibilityStudy: running a bridge seems like the best way. That way, your bridge won't become publicly known.
FeasibilityStudy: also, non-exit relays basically never get abuse complaints ever. I haven't heard of a single one.
xkimjo
did you understand my question
FeasibilityStudy
Sebastian: but bridges don't really help anyone do they? I mean doesn't one have to give the bridge out to each person who wants to use it?
Sebastian
FeasibilityStudy: Depending on how you configure it, you either have to give it out yourself, or our bridge authority distributes it automatically.
cheako
Sebastian: I am concerned about sites that blatantly block tor, if I configure a relay or a bridge will this be an issue?
Speaking of efnet and freenode.
Runa
xkimjo: http://mytechxp.blogspot.com/2007/10/pidgin-through-proxy.html
Sebastian
cheako: it can be, yes. Some sites are unfortunately very idiotic about blocking Tor, they even block non-exit nodes.
cheako: it is best to contact them beforehand to not be surprised.
cheako: I've made it a policy that I just don't frequent those sites/use those services, but that sure doesn't work for everyone.
xkimjo
Runa: i didn't finish my question. please,
cheako
Better education about blocking only tor exit nodes that apply to your service would be good. What about setting up DNS blacklists for site owners?
Sebastian
there is one.
tordnsel.
Runa
xkimjo: ok, please continue
Sebastian
it has existed for years.
:)
cheako
For example IRC operators might listen on multiple ports and if you wanted to use one all you needed to do was remove that port from the exit node.
Ammler
so someone uses tor to find bridges to block those, or how else would someone find those?
xkimjo
i know, but my question is, if i use it or another application like firefox e.g., and i use the direct-proxy configuration, AND with a wrapper like torsocks
Ammler
how stupid
Sebastian
cheako: as I said, we have a dns-based exit list ;)
xkimjo
Runa: then i am in the tor network, ok?
Runa
xkimjo: if you use firefox, you should use torbutton
Sebastian
Ammler: It is a clear sign of intelligence to judge a system after first hearing about it, without learning about it at all.
Runa
xkimjo: yes
cheako
Yup, so I should be safe as a relay and then just make education and avoidance my main tools.
xkimjo
Runa: and now, my special question, if i use NOT the direct connection, but use the tor SOCKS in the network config of the tool, AND torsocks, what then?