[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] why my exit is not being used?



> On 31 Jan 2017, at 02:46, gustavo panizzo (gfa) <gfa@xxxxxxxxxxxx> wrote:
> 
>>>> Please send us your actual torrc:
>>> 
>>> that's my actual torrc, I've only edited HashedControlPassword
>> 
>> Then please reload your torrc so that your tor process is using it.
> What I meant to say is that I edited HashedControlPassword on the email

What I need to know is whether the torrc you provided is actually the one
being used by tor.

>>>> * your torrc has a DirPort, but your relay on atlas does not
>>>> (this might be because you have a bandwidth limit set)
>>>> * your torrc says IPv6Exit, but your relay on atlas does not exit to
>>>> IPv6
>>> 
>>> Port is open, tor is listening. no fw rules for IPv6
>> 
>> That's the ORPort, an entry port.
> 
> You are right, tor wasn't listening on the DirPort on IPv6. I've fixed
> that a few hours ago.

No tor version or role uses the IPv6 DirPort, and it's a pain to configure.

>> You say you have IPv6Exit and an ExitPolicy set in the torrc.
> I have exit rules for both, same rules apply to both protocols. An tor
> knows it
> 
> Tor[22587]: tor_addr_parse_mask_ports(): '*:6881-6999' expands into
> rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject
> *4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
> 
> Tor[22587]: tor_addr_parse_mask_ports(): '*:*' expands into rules which
> apply to all
> IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or
> accept[6]/reject[6] *6:* for IPv6.)

But if your ExitPolicy starts by rejecting IPv6 (as it does when IPv6Exit
is not set), none of these rules will ever be used.

>> But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy
>> Summary) and your relay's descriptor (ipv6-policy) show that it does not
>> allow any IPv6 ports:
>> 
>> https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
>> 
>> (large file)
>> https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-29-12-05-00-server-descriptors
>> 
>> Either that, or there is a bug in Tor relating to IPv6 Exit policies.
>> But I can't see anywhere in the code that makes the IPv6 exit policy
>> dependent on anything except ExitPolicy and IPv6Exit.
>> 
>> Are there any log entries relating to IPv6 or exit policies?
> 
> See above

Your relay still does not exit to IPv6.
This looks like it might be a tor bug, we're looking into it.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays