[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] why my exit is not being used?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] why my exit is not being used?
From: "gustavo panizzo (gfa)" <gfa@xxxxxxxxxxxx>
Date: Mon, 30 Jan 2017 11:35:05 +0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Jan 2017 22:36:24 -0500
In-reply-to: <FA87FDC6-B97D-4EDE-A457-30CCB60C9FB4@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20170127060309.axqjnm5ckqztjhlg@gustavo-nb.RACKSPACE.CORP> <FA87FDC6-B97D-4EDE-A457-30CCB60C9FB4@gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20161126 (1.7.1)

On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
 
> Hi,
> 
> Please send us your actual torrc:

that's my actual torrc, I've only edited HashedControlPassword

> * your torrc has a DirPort, but your relay on atlas does not
>   (this might be because you have a bandwidth limit set)
> * your torrc says IPv6Exit, but your relay on atlas does not exit to
>   IPv6

Port is open, tor is listening. no fw rules for IPv6

$ telnet 2400:6180:0:d0::18a7:d001 443 (from a different computer)
Trying 2400:6180:0:d0::18a7:d001...
Connected to 2400:6180:0:d0::18a7:d001.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

# ss -putan |grep 443 |grep LISTEN
tcp    LISTEN     0      20480     128.199.76.145:443                   *:*      users:(("tor",pid=10809,fd=7))
tcp    LISTEN     0      20480  2400:6180:0:d0::18a7:d001:443                  :::*      users:(("tor",pid=10809,fd=8))

> 
> Since you have AccountingMax set, please send us any bandwidth-related
> log entries.
arm says i've used 106+107 GB 

After increasing the loglevel to info and reloading I got this on the
log

Heartbeat: Accounting enabled. Sent: 104.75 GB, Received: 104.44 GB, Used: 209.22 GB / 1024.00 GB, Rule: sum. 
The current accounting interval ends on 2017-02-01 00:00:00, in 2 days 2:30 hours.

> 
> Any more warning or notice log entries would also help, particularly
> those related to reachability.

Jan 21 03:29:33 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]: Now
checking whether ORPort 128.199.76.145:443 and DirPort 128.199.76.145:80
are reachable... (this may take up to 20 minutes -- look for log
messages indicating success)

Jan 21 03:29:34 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
Self-testing indicates your DirPort is reachable from the outside.
Excellent.

Jan 21 03:29:37 tor-exit1-1480471271410-512mb-sgp1-01 Tor[10809]:
Self-testing indicates your ORPort is reachable from the outside.
Excellent. Publishing server descriptor.

After increase loglevel to info, I found this in the logs, it looks
harmless but I'm not sure

Tor[10809]: connection_dir_client_reached_eof(): Received http status
code 404 ("Not found") from server '128.31.0.34:9131' while fetching
"/tor/server/d/0BD4536404AA42D4892848293B002A64459940BA+120D89A44DA007434669F18A89C170E4A31A07C3.z".
I'll try again soon.

Tor[10809]: connection_dir_client_reached_eof(): Received server info
(size 0) from server '128.31.0.34:9131'


> 
> Most likely, your relay has simply used 1024GB this month.
> 
top iptables rule

Chain INPUT (policy ACCEPT 314K packets, 267M bytes)
pkts bytes target     prot opt in     out     source               destination         
339M  289G sshguard   all  --  *      *       0.0.0.0/0            0.0.0.0/0           

I don't check daily, but when I check, tor never has more than 300 open connections

I've increased the loglevel to info, hopefully it will catch more info in the coming month

Any other check I can run? 

thanks :)

> Tim
> 
> > # general
> > Nickname sorrentini
> > Log notice syslog
> > ControlPort 9051
> > HashedControlPassword XXXXXXXXX
> > AccountingStart month 01 00:00
> > AccountingRule sum
> > AccountingMax 1024GB
> > ContactInfo 0x44BB1BA79F6C6333 <tor-admin AT zumbi dot com dot ar>
> > MyFamily 82C92FBAF2196EC346670D12BB9650FE9FF55741,EFD2EEB91E5C5D8CB999B1EC68D89E51F8776AC7
> > SocksPort 0
> > SocksPolicy reject *
> > ## IPv4
> > ORPort 128.199.76.145:443
> > DirPort 128.199.76.145:80
> > Address 128.199.76.145
> > OutboundBindAddress 128.199.76.145
> > ##IPv6
> > IPv6Exit 1
> > ORPort [2400:6180:0:d0::18a7:d001]:443
> > OutboundBindAddress [2400:6180:0:d0::18a7:d001]
> > # Exit
> > DirPortFrontPage /etc/tor/tor-exit-notice.html
> > CellStatistics 1
> > DirReqStatistics 1
> > EntryStatistics 1
> > ExitPortStatistics 1
> > ExtraInfoStatistics 1
> > HiddenServiceStatistics 1
> > ExitRelay 1
> > ExitPolicy accept *:53        # DNS
> > ExitPolicy accept *:80        # HTTP
> > ExitPolicy accept *:110       # POP3
> > ExitPolicy accept *:143       # IMAP
> > ExitPolicy accept *:220       # IMAP3
> > ExitPolicy accept *:443       # HTTPS
> > ExitPolicy accept *:873       # rsync
> > ExitPolicy accept *:989-990   # FTPS
> > ExitPolicy accept *:991       # NAS Usenet
> > ExitPolicy accept *:992       # TELNETS
> > ExitPolicy accept *:993       # IMAPS
> > ExitPolicy accept *:995       # POP3S
> > ExitPolicy accept *:1194      # OpenVPN
> > ExitPolicy accept *:1293      # IPSec
> > ExitPolicy accept *:3690      # SVN Subversion
> > ExitPolicy accept *:4321      # RWHOIS
> > ExitPolicy accept *:5222-5223 # XMPP, XMPP SSL
> > ExitPolicy accept *:5228      # Android Market
> > ExitPolicy accept *:9418      # git
> > ExitPolicy accept *:11371     # OpenPGP hkp
> > ExitPolicy accept *:64738     # Mumble
> > ExitPolicy reject *:* # nothing else is allowed
> 
> T
> 
> --
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> ------------------------------------------------------------------------
> 
> 
> 



> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

keybase: https://keybase.io/gfa

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] why my exit is not being used?
  - From: teor

References:
- [tor-relays] why my exit is not being used?
  - From: gustavo panizzo (gfa)
- Re: [tor-relays] why my exit is not being used?
  - From: teor

Prev by Author: Re: [tor-relays] why my exit is not being used?
Next by Author: Re: [tor-relays] All I want for Chrismas is a bloody t-shirt
Previous by thread: Re: [tor-relays] why my exit is not being used?
Next by thread: Re: [tor-relays] why my exit is not being used?
Index(es):
- Author
- Thread