I'm running out of ideas regarding a "port not reachable" issue while setting up a new Tor relay. Output of:
journalctl | grep 'Tor'
...shows:
Tor[220]: Bootstrapped 85%: Finishing handshake with first hop
Tor[220]: Bootstrapped 90%: Establishing a Tor circuit
Tor[220]: Tor has successfully opened a circuit. Looks like client functionality is working.
Tor[220]: Bootstrapped 100%: Done
Tor[220]: Now checking whether ORPort x.y.z.w:443 and DirPort x.y.z.w:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
(20 minutes later...)
Tor[220]: Your server (x.y.z.w:443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Tor[220]: Your server (x.y.z.w:80) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Basic details about the relay follow.
Hardware: Raspberry Pi 2
OS: Arch Linux ARM
Tor version: 0.2.7.6 (official package)
This is the Tor configuration as output by arm:
BandwidthRate 1 GB
BandwidthBurst 1 GB
RelayBandwidthRate 256 KB
RelayBandwidthBurst 512 KB
ControlPort 9051
HashedControlPassword <none>
CookieAuthentication True
DataDirectory /var/lib/tor
Log notice syslog
RunAsDaemon False
User <none>
Bridge <none>
ExcludeNodes <none>
MaxCircuitDirtiness 10 minutes
SocksPort 0
UseBridges False
BridgeRelay False
ContactInfo xxx yyy@zzz.www
ExitPolicy reject *:*
MyFamily <none>
Nickname nickname
ORPort 443 NoListen, 127.0.0.1:3443 NoAdvertise
PortForwarding False
AccountingMax 0 B
AccountingStart <none>
DirPortFrontPage <none>
DirPort 80 NoListen, 127.0.0.1:3480 NoAdvertise
HiddenServiceDir <none>
HiddenServicePort <none>
Tor listens on ports 3480 (Dir) and 3443 (OR) but advertises ports 80 and 443 respectively (I had to push back Tor's port numbers to higher values because of privilege issues). The relay is behind a router that forwards its 80 and 443 ports to the relay's 3480 and 3443 ports for both TCP and UDP. There are no iptables rules active on the relay.
nmap shows both ports as "closed" from the outside, but I guess it is expected for Tor to stop listening after the circuits have been set up, isn't it?
Hints about why the exposed ports aren't reachable would be much appreciated. Thanks in advance.
Last edited by Acetate (2016-04-14 16:04:20)
Nailed it! It was a misconfiguration issue. Solution follows if it may help anybody else.
Something weird finally caught my eye in the log (not included in the excerpt I posted above):
Tor[291]: Opening Control listener on 127.0.0.1:9051
Tor[291]: Opening OR listener on 127.0.0.1:3443
Tor[291]: Opening Directory listener on 127.0.0.1:3480
How come the OR and Dir ports are open to connections from localhost only? The address part should be 0.0.0.0!
This came from the following lines in /etc/tor/torrc which I had pretty much stupidly copy-pasted from the example configuration:
ORPort 127.0.0.1:3443 NoAdvertise
DirPort 127.0.0.1:3480 NoAdvertise
I removed the IP part and everything is back in order!
Tor[291]: Now checking whether ORPort x.y.z.w:443 and DirPort x.y.z.w:80 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Tor[291]: Self-testing indicates your DirPort is reachable from the outside. Excellent.
Tor[291]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Tor[291]: Performing bandwidth self-test...done.
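A check for the misconfiguration this thread ends on, as an added example that is not part of the original posts: it flags ORPort/DirPort lines in a torrc, and "Opening ... listener" notices in Tor's log, whose listener is bound to a loopback address and so cannot receive connections forwarded by a router. The function names and sample strings are constructed for illustration.

```python
import ipaddress
import re

LISTENER_RE = re.compile(r"Opening (OR|Directory) listener on (\S+):(\d+)")

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # hostname or unparsable value: not judged here

def loopback_listeners_in_torrc(torrc_text):
    """Return (option, address) for ORPort/DirPort lines that listen on loopback."""
    findings = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() not in ("orport", "dirport"):
            continue
        addr, flags = parts[1], {f.lower() for f in parts[2:]}
        if "nolisten" in flags or ":" not in addr:
            continue  # advertise-only line, or bare port with no address part
        if _is_loopback(addr.rsplit(":", 1)[0]):
            findings.append((parts[0], addr))
    return findings

def loopback_listeners_in_log(log_text):
    """Same check against Tor's 'Opening ... listener on' notices."""
    return [(kind, f"{host}:{port}")
            for kind, host, port in LISTENER_RE.findall(log_text)
            if _is_loopback(host)]

# Constructed sample input modelled on the torrc and log lines in the thread.
SAMPLE_TORRC = """\
ORPort 443 NoListen
ORPort 127.0.0.1:3443 NoAdvertise
DirPort 80 NoListen
DirPort 127.0.0.1:3480 NoAdvertise
"""
FIXED_TORRC = SAMPLE_TORRC.replace("127.0.0.1:", "")  # the fix: no IP part
SAMPLE_LOG = """\
Tor[291]: Opening Control listener on 127.0.0.1:9051
Tor[291]: Opening OR listener on 127.0.0.1:3443
Tor[291]: Opening Directory listener on 127.0.0.1:3480
"""

if __name__ == "__main__":
    for opt, addr in loopback_listeners_in_torrc(SAMPLE_TORRC):
        print(f"{opt} listens on {addr}: not reachable through a port forward")
```

The ControlPort listener on 127.0.0.1 is deliberately not flagged, since only the OR and Directory listeners need to accept forwarded connections.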