Re: [tor-bugs] #5376 [Tor Relay]: The ExitPolicyRejectPrivate option seems to be ignored
#5376: The ExitPolicyRejectPrivate option seems to be ignored
-----------------------+----------------------------------------------------
Reporter: kevin | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Changes (by kevin):
* cc: malsabah@…, jansen@…, iang@…, arma@… (added)
Old description:
> I noticed that setting "!ExitPolicyRejectPrivate 0" to allow exit nodes
> to exit to private addresses seems to be ignored. This issue prevents
> nodes running in the ExperimenTor testbed from establishing exit
> connections within the emulated network environment.
>
> Here's an example torrc configuration file for an exit node that would
> like to allow exit connections to private addresses:
>
> {{{
> Address 10.0.0.6
> ORPort 6006
> ORListenAddress 10.0.0.6:6006
> SocksPort 8006
> NickName router6
> DataDirectory /home/k4bauer/experimentor/routers/6
> TestingTorNetwork 1
> ExitPolicyRejectPrivate 0
> Log notice file /home/k4bauer/experimentor/routers/6/log
> SafeLogging 0
> CircuitPriorityHalflife 0
> N23 0
> circuit_window 1000
> stream_window 500
> ExitPolicy accept *:*
> RelayBandwidthRate 2260 KBytes
> RelayBandwidthBurst 2260 KBytes
> DirServer router1 v3ident=2742779FAA4C08DD1A400AAA4F8CBA5317C1CC8C
> orport=6001 10.0.0.1:20001 2A7A C69C EEE2 5573 899F A598 0752 898E 777F
> 6107
> DirServer router2 v3ident=F43C5503929B0E4A1A93026C6810CD9C3C9FC95E
> orport=6002 10.0.0.2:20002 B5D9 0AE9 DF3C 8F3B FFFB FE67 883A 1F38 A3FF
> 4E22
> DirServer router3 v3ident=AA4DA69D8655E48BA271F561C9AFF81F5E31779A
> orport=6003 10.0.0.3:20003 7DEA F408 F641 A82E 1FF9 4EB1 EE0E 250E EFF5
> A433
> DirServer router4 v3ident=665CE5F47C7212954EDC1A80E65123E7CA5572DE
> orport=6004 10.0.0.4:20004 4475 A1B8 B4C4 7BBA BFBA 4699 1FA5 DE23 190D
> DA08
> DirServer router5 v3ident=DADB8F236660FFD1C15C08215A2EEA5EE8ADCA70
> orport=6005 10.0.0.5:20005 96A3 866E 916C D73B C928 5BB5 83FF 5F05 E40F
> 1649
>
> }}}
> A typical client's log shows the following error message when trying to
> connect to a destination on a private address:
>
> `Mar 13 07:55:51.000 [notice] No Tor server allows exit to 10.0.6.1:100.
> Rejecting.`
New description:
I noticed that setting "!ExitPolicyRejectPrivate 0" to allow exit nodes to
exit to private addresses seems to be ignored. This issue prevents nodes
running in the ExperimenTor testbed from establishing exit connections
within the emulated network environment.
Here's an example torrc configuration file for an exit node that would
like to allow exit connections to private addresses:
{{{
Address 10.0.0.6
ORPort 6006
ORListenAddress 10.0.0.6:6006
SocksPort 8006
NickName router6
DataDirectory /home/k4bauer/experimentor/routers/6
TestingTorNetwork 1
ExitPolicyRejectPrivate 0
Log notice file /home/k4bauer/experimentor/routers/6/log
SafeLogging 0
CircuitPriorityHalflife 0
N23 0
circuit_window 1000
stream_window 500
ExitPolicy accept *:*
RelayBandwidthRate 2260 KBytes
RelayBandwidthBurst 2260 KBytes
DirServer router1 v3ident=2742779FAA4C08DD1A400AAA4F8CBA5317C1CC8C
orport=6001 10.0.0.1:20001 2A7A C69C EEE2 5573 899F A598 0752 898E 777F
6107
DirServer router2 v3ident=F43C5503929B0E4A1A93026C6810CD9C3C9FC95E
orport=6002 10.0.0.2:20002 B5D9 0AE9 DF3C 8F3B FFFB FE67 883A 1F38 A3FF
4E22
DirServer router3 v3ident=AA4DA69D8655E48BA271F561C9AFF81F5E31779A
orport=6003 10.0.0.3:20003 7DEA F408 F641 A82E 1FF9 4EB1 EE0E 250E EFF5
A433
DirServer router4 v3ident=665CE5F47C7212954EDC1A80E65123E7CA5572DE
orport=6004 10.0.0.4:20004 4475 A1B8 B4C4 7BBA BFBA 4699 1FA5 DE23 190D
DA08
DirServer router5 v3ident=DADB8F236660FFD1C15C08215A2EEA5EE8ADCA70
orport=6005 10.0.0.5:20005 96A3 866E 916C D73B C928 5BB5 83FF 5F05 E40F
1649
}}}
Note that `ExitPolicyRejectPrivate` `0` is implicitly set by enabling
`TestingTorNetwork`.
A typical client's log shows the following error message when trying to
connect to a destination on a private address:
`Mar 13 07:55:51.000 [notice] No Tor server allows exit to 10.0.6.1:100.
Rejecting.`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5376#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
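As an added illustration (not part of the ticket and not Tor's own code), the following simplified model evaluates the torrc's `ExitPolicy accept *:*` against the destination from the client log, 10.0.6.1:100, with the private-network reject rules prepended or not. It assumes first-match-wins evaluation and the address ranges the tor manual lists for the `private` alias; the function names are hypothetical and only IPv4 is handled.

```python
import ipaddress

# Ranges covered by Tor's "private" policy alias (per the tor manual).
PRIVATE_NETS = ["0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8",
                "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK]:PORT' into (action, network, lo, hi)."""
    action, pattern = rule.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"bad action in {rule!r}")
    addr, _, port = pattern.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi

def effective_policy(exit_policy_lines, reject_private):
    """Build the ordered rule list; reject-private rules go first when enabled."""
    rules = []
    if reject_private:
        rules += [parse_rule(f"reject {n}:*") for n in PRIVATE_NETS]
    for line in exit_policy_lines:
        rules += [parse_rule(r.strip()) for r in line.split(",")]
    return rules

def exit_allowed(rules, dest_ip, dest_port):
    """First matching rule wins. Assumption of this sketch: no match means reject."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= dest_port <= hi:
            return action == "accept"
    return False

if __name__ == "__main__":
    torrc_exit_policy = ["accept *:*"]  # ExitPolicy line from the torrc above
    for flag in (0, 1):
        rules = effective_policy(torrc_exit_policy, bool(flag))
        print(f"ExitPolicyRejectPrivate {flag}: exit to 10.0.6.1:100 allowed =",
              exit_allowed(rules, "10.0.6.1", 100))
```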