[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Perplexing Tor Messages.

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Perplexing Tor Messages.
From: Claude LaFrenière <Gulliver.Tor@xxxxxxxxx>
Date: Sun, 8 Oct 2006 00:20:55 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sun, 08 Oct 2006 00:32:29 -0400
References: <20061008014249.1027.qmail@web50803.mail.yahoo.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: 40tude_Dialog/2.0.15.1fr

Hi  *Caitlin*   :


> I'm running a Tor server (WinXP SP2) with an exit node on port 80(hidden service) 

If your exit policies allow an exit to the port 80 
this port 80 is not the local port 80 but the remote ports 80's:
the port 80 of the web servers on which tor users established 
a connection...

Remote port 80:

In your firewall a rule you must allow tor.exe 
incomming and outgoing packets
Protocol TCP
from local ports 1024 to 5000 [1]
to remote ports 80

It's exactly like a rule for the Http access for a web browser
except this time the rule is set to tor.exe not firefox.exe for example

Local port 80:

If you have a server installed in your computer such as 
an Http server with Apache + MySQL + Php you must allow
 externals connection to access your local port 80...

To local port 80 from any remote ports...

[1]
------------------------------------------------------------------------------
Nota Bene:
The connections used the first local port available
from 1024 to 5000 to initiate and established the connection.
This can be changed in:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort

The default is 5000 but you can change this value
to 10 000, 20 000... up to 65535.
I set my system to 60 000 and it works perfectly
The rules must be set accordingly:
from local ports 1024 to 60000 in this example.

Also you may change this value:
TcpTimedWaitDelay
to 30

This limit the Time_Wait state of the finished connection...
(That's better than the default...  ;-)   )

--------------------------------------------------------------------------

Briefly said:
The port 80 in the exit policies is the remote port 80 of the web servers
The port 80 for your local service is the local port 80 of your computer...

> and my Tor message log is displaying a streaming list
> of 'yellow' warnings (please see below). I disabled the XP personal
> firewall that ships with the product and open ports TCP/UDP
> incoming/outgoing) 8118, 9001, and 9050 on the McAfee personal firewall
> as well in an attempt to create a stable Tor server. 

The ports 8118 is used locally by Privoxy:
example:
privoxy.exe TCP	127.0.0.1:8118	0.0.0.0:0	LISTENING	

The port 9050 is the SocksPort 
Example:
tor.exe	TCP	127.0.0.1:9050	0.0.0.0:0	LISTENING	

An other example of local loopback:
9051 is the ControlPort.
Here Vidalia and tor loop locally from the local port 40333 to local port 9051:

vidalia.exe TCP	127.0.0.1:40333	 127.0.0.1:9051	ESTABLISHED
and
tor.exe:    TCP	127.0.0.1:9051	127.0.0.1:40333	ESTABLISHED	
	

127.0.0.1 is a I.A.N.A. reserved address corresponding to your computer 
as "local Host". It's related to processes running locally not between the 
computer and internet ... 

The port 9001 is the server port for Tor Network.
It is used as remote server port 
AND 
as local server port if you run a Tor server...

When you run Tor, as a "client" , your computer must be able to make 
connections to the Tor servers on remote port 9001 ...

When you run Tor as a server you must set your firewall rules to allow
from any remote port the access to your local port 9001 and possibly
the local  port 9030 and, if you set Tor for this, the local port
9030 for the mirror server directory... (check the parameters in Vidalia).

I have no idea how to set this with McAfee Firewall but let me give you
an overview of my FW rules setting settings. I hope this help you to find 
the equivalent in McAfee FW:

1- Set of blocking rules for abnormal / illegal packets
such as SYN_FIN Tcp packets and alike

2- Rules for local servers

Here you put your Tor server rules:
In TCP incomming and outgoing packets
local port 9001 (Tor server)
remote ports any
and
local port 9030 (Mirror directory server)
remote ports any


3- Rule to drop (block with no feed back) 
    all incomming TCP packets with the flag SYN
    All server rules before this rule
    All client rules after this rule
 
 4- applications rules  (client applications)
    such as browser, email, irc and so on...
    
    and
    
    Here put your Tor client rules
    for tor.exe
    In TCP incomming and outgoing packets
    from local ports 1024 to the value of "MaxUserPort"
    to remote ports 80, 443, 9001, 9030, 9031
    
    And your exit rules according to your Tor server policies:
    
    for tor.exe
    In TCP incomming and outgoing packets
    from local ports 1024 to the value of "MaxUserPort"
    to remote ports corresponding to the ports in your exit policies like:
    
    remote port 22 Ssh
    remote port 80 Http
    remote port 110 Pop3
    remote port 119 Hhtp
    remote port 143 Imap2
    remote port 443 Https
    etc.
    
    for tor.exe
    In UDP incomming and outgoing packets
    from local ports 1024 to the value of "MaxUserPort"
    remote port 53 DNS 
     
    
5- Final locking rule:
    Block everythings else...
   
I suggest you check first if your firewall 
allow Tor to run as client and server
then 
set your hidden service ...

To check your TCP/UDP connection "live" you mau used this tool:

TCPView from Mark Russinovich
http://www.sysinternals.com/Utilities/TcpView.html
 

> Any help would be
> appreciated. Thanks, Caitlin

Hope this help.
Let us know.

:)

-- 
Claude LaFrenière

References:
- Perplexing Tor Messages.
  - From: Caitlin

Prev by Author: Re: EXPERIMENTAL Windows binary for 0.1.1.24; please let us know if it works.
Next by Author: Re: Analyzing TOR-exitnodes for anomalies
Previous by thread: Perplexing Tor Messages.
Next by thread: Re: Perplexing Tor Messages.
Index(es):
- Author
- Thread