Re: [tor-relays] Relay question
On Fri, Dec 08, 2023 at 03:19:49AM +0000, Mulloch94 via tor-relays wrote:
> Greetings, I was directed to this relay subscription by the owner. I've recently started my own relay and everything has gone smoothly for the first few days. Then the relay mysteriously went offline for a period of 8-9 hours.

What do you mean by offline? The computer was offline? Or, the relay
process was not running? Or, the relay process was still running but it
was no longer reachable from the outside? Or something else?

I think there aren't enough hints so far for us to guess what happened,
i.e. there is still some mystery.

> Happened while I was sleeping I think, but at any rate it came back on after I restarted the tor daemon and rebooted the server. I'm starting to think my firewall configurations might have been the culprit, even though I ran a very rudimentary setup. Basically just:
> -A INPUT -p tcp --dport <my SSH> -j ACCEPT
> -A INPUT -p tcp --dport 9050 -j ACCEPT
> -A INPUT -p tcp --dport 443 -j ACCEPT
> -A INPUT -p tcp --dport 80 -j ACCEPT
> -A INPUT -j DROP
>
> Default ACCEPT on OUTPUT

I am no iptables expert, but (a) this sounds like it should work, and (b)
you probably don't want that 9050 line in there, since your Tor relay's
socksport is intended to be only listening on localhost. (Opening up
the firewall for 9050 shouldn't hurt any though, so long as Tor still
only listens on localhost.)

> My ORPort is on 443, so I don't see how this could be interfering. I noticed my server reboot got rid of all my rules, so I'm thinking that could've been the issue. If so, what other ports should I add? Do I even need a firewall for the relay? I don't do anything else with that server, so if it doesn't need a firewall to stay secure I won't use one.

Opinions differ on the importance of firewalls, but technically no,
you would be fine without any sort of rules like these, so long as you
keep track of what applications are running on the system and make sure
things aren't listening on the outside that you didn't intend. If you
aren't a confident and experienced sysadmin though, the firewall rules
are probably helpful because they simplify the question of how much
surface area might be exposed to the world.

> One more thing, I had a flag on my relay that said I needed to "update the descriptor." It went away after rebooting my server as well, could that have been the issue?

That sounds normal-ish, and it implies that your relay stopped running
somehow, before that reboot. Next step would be to check the Tor logs,
check the system logs, otherwise try to better understand what is
going on on your computer.

--Roger
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
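
Added example, not part of the thread or of Tor itself: one way to check the point made in the reply, that nothing should be listening on the outside that you didn't intend and that the SocksPort (9050) should be bound to localhost only. The function name, the sample `ss -H -tln` lines and the allowlist are constructed for illustration; SSH on port 22 is an assumption, since the thread elides the real port.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are constructed.

# Print every TCP listener bound to a non-loopback address on a port
# outside the allowlist. Reads lines in `ss -H -tln` format on stdin.
# $1: space-separated ports that are meant to be reachable from outside.
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        la = $4                              # Local Address:Port column
        idx = match(la, /:[0-9]+$/)          # last colon separates the port
        if (idx == 0) next
        addr = substr(la, 1, idx - 1)
        port = substr(la, idx + 1)
        sub(/%.*$/, "", addr)                # drop interface suffix such as %lo
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # unwrap [ipv6]
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
        if (!(port in ok)) print la
    }'
}

# Constructed sample: a relay whose SocksPort was bound to all interfaces by
# mistake, plus a stray service on 8080. Loopback-only sockets are ignored.
SAMPLE='LISTEN 0 4096 127.0.0.1:9051 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9050 0.0.0.0:*
LISTEN 0 511 [::]:8080 [::]:*'

# Assumed allowlist: SSH on 22, plus 80 and 443 as in the quoted rules.
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 80 443"
# On a live relay: ss -H -tln | unexpected_listeners "22 80 443"
```

An empty result means every non-loopback listener is on a port you intended to expose; any line printed is a socket to either rebind to localhost or cover with a firewall rule.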