
Re: [tor-relays] VPS ports closed



Hi,

On Tue, Jan 07, 2014 at 02:59:24AM -0800, I wrote:
  Mathew,
  The only addition to the bare, no doubt minimal, CentOS VPS is Tor run
  as an exit. The port failing to be accessible is 9030 - the dir port.
  The interesting thing is that another similar VPS was working but now
  9030 is not accessible.
  Perhaps paying for a VPS a year in advance and no written objection to
  Tor left me vulnerable to various methods of reducing their exposure to
  copyright litigation. Other VPSs still have the statement "Tor relays
  are ok" on their site yet emailed me that they must stop once I'd paid
  a year in advance.
  So if I can avoid discussion with them and force the port open it might
  keep one exit running for a while.
  Robert

  >
  > It's CentOS 6. Apart from that I don't know what you need to know.
  > I presumed unix type commands work in general.
  > Any help from the list will probably beat the help desk.
  >
  > Robert

"iptables -L" should tell you if your machine is blocking ports with its own firewall. (It seems odd for your host to block specific ports.)

The one CentOS machine I've set up did have a firewall that blocked incoming connections on most ports by default (I'm completely ignorant of CentOS in general, so I don't know if this is the standard setup or not):

Check out /etc/sysconfig/iptables. That lists the firewall rules that are applied when the machine boots. The default looked something like this for me:

# Generated by iptables-save v1.4.7 on Mon Oct  7 20:11:26 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [379:66816]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Oct  7 20:11:26 2013

The most relevant line is the one that contains "--dport 22". It opens port 22 to new connections. You could open port 9030 by adding this line below it:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 9030 -j ACCEPT

And so forth for other ports, followed by a "service iptables reload".

(Maybe there's a better CentOSy way of doing this; I don't claim to know. I hope this is useful.)

Most distros I have come across have all ports open by default. Do you
  know which ports you would like open? Is it just the required ports for
  Tor + SSH, or are you running additional services?

  Most users use IPTables for firewalling.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


--
Michael
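
The rules file quoted in the message above is evaluated top to bottom and the first matching rule decides, so a port's ACCEPT line only works if it sits above the final REJECT. The following is an added example, not part of the original message: a small checker that reports which rule decides a new inbound TCP connection to a given port. The function names are hypothetical, the sample rules are constructed from the ones quoted above, and the matching is simplified to the options that appear in that file (-p, -i lo, --state, --dport).

```python
import shlex

# Constructed sample: the default rules quoted above plus the suggested 9030 line.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9030 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _opt(tokens, name):
    """Value following option `name`, or None when the rule does not use it."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def _matches_new_tcp(tokens, port):
    """Simplified match: NEW inbound TCP to `port` arriving on a non-loopback interface."""
    if _opt(tokens, "-p") not in (None, "tcp", "all"):
        return False
    if _opt(tokens, "-i") == "lo":
        return False
    state = _opt(tokens, "--state")
    if state is not None and "NEW" not in state.split(","):
        return False
    dport = _opt(tokens, "--dport")
    if dport is not None:
        low, _, high = dport.partition(":")   # single port or low:high range
        return int(low) <= port <= int(high or low)
    return True

def input_verdict(rules_text, port):
    """Return (target, deciding_rule) for a NEW TCP connection to `port`; first match wins."""
    policy = "ACCEPT"
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain policy applies if no rule decides
        if not line.startswith("-A INPUT "):
            continue
        tokens = shlex.split(line)
        if _opt(tokens, "-j") in ("ACCEPT", "REJECT", "DROP") and _matches_new_tcp(tokens, port):
            return _opt(tokens, "-j"), line
    return policy, "chain policy"

if __name__ == "__main__":
    for p in (22, 9030, 9001):
        print(p, *input_verdict(SAMPLE_RULES, p))
```

A REJECT verdict for a port you meant to open usually means its ACCEPT line was appended after the catch-all REJECT rather than above it.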
