Re: [tor-relays] ISP Nat
> On 14 Mar 2018, at 01:28, Paul Templetonwrote: > > Thanks nusenu > >> I'd say this is broken network and ask them to fix it. > Ticket has been lodge but it takes for ever to get something done - The node > has been off line for two weeks now (After a power issue in the rack). There > has been issue after issue getting the system up again and now this. Was just > wondering if you can force DNS requests on ip's 95.130.12.251 and/or > 95.130.12.252 as they are not affected. Tor doesn't have a DNS OutboundBindAddress, but there are two ways you can do it: * change the default route to one of these IP addresses * run a caching resolver, and tell it to bind to one of these IP addresses I would recommend using a caching resolver, it puts much less load on the remote resolvers you are using. T ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] middle relay connexions dropped in half
> On 13 Mar 2018, at 20:51, mytormailwrote: > > I just doesn't feel right if donated capacity isn't used. Oh, but your relay's spare capacity *is* used. Just not the way you think. A congested relay is a slow and unstable relay. A relay with extra capacity has lower latency, and can deal with unexpected traffic peaks. We expect relays to use 30% - 60% of their capacity. But I think we'd like 10% - 20% for the best latency. Also, the network is still adjusting after the bandwidth authorities being down for a few days, and a million extra clients leaving the network. So it might take a few weeks for bandwidth to balance out. T ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
Thanks nusenu > I'd say this is broken network and ask them to fix it. Ticket has been lodge but it takes for ever to get something done - The node has been off line for two weeks now (After a power issue in the rack). There has been issue after issue getting the system up again and now this. Was just wondering if you can force DNS requests on ip's 95.130.12.251 and/or 95.130.12.252 as they are not affected. If not I can run it as a middle for now... SIGH Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
>> Can you elaborate on your network topology and NAT? > > Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then > out to the real world. outbound: [ 95.130.9.210 ] --> [outbound gw 95.130.9.1 ] --> [2th hop 95.130.8.1 ] --> inet > In bound traffic comes via 95.130.8.11 then 9.130.8.120 inbound: [ 95.130.9.210 ] <-- [ 9.130.8.120 ] <-- [SNAT:95.130.8.11 ] <-- inet > It's NATted at 95.130.8.11 and all I see is this address connected to the > system(ie all connections show as 95.130.8.11). > > My /etc/network/interface - the DNS server is temporary for testing. If I understood you correctly and they are simply replacing the source IP of all incoming packets I'd say this is broken network and ask them to fix it. (it will break more than just DNS resolution unless they are NATing only on specific protocols [udp] and ports [53]). > auto enp4s0 > iface enp4s0 inet static > address 95.130.9.210 > netmask 255.255.255.255 > network 95.130.9.210 > broadcast 95.130.9.210 > dns-nameservers 95.130.8.8 95.130.8.9 > #Route statique vers la passerelle > up ip route add 95.130.9.1 dev enp4s0 > up ip route add default via 95.130.9.1 > > up ip addr add 95.130.12.251/24 dev enp4s0 > up ip addr add 95.130.12.252/24 dev enp4s0 -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] middle relay connexions dropped in half
Yes, I have experienced the same thing; my throughput is slower as well. Not only have I dropped from about 2,000 connexions to 1, 000; my rate has gone down as well: #vnstat -d 02/21/201816.83 GiB | 16.59 GiB | 33.42 GiB |3.24 Mbit/s 02/22/201818.73 GiB | 18.49 GiB | 37.21 GiB |3.61 Mbit/s 02/23/201817.38 GiB | 17.20 GiB | 34.58 GiB |3.36 Mbit/s 02/24/201819.16 GiB | 18.94 GiB | 38.11 GiB |3.70 Mbit/s 02/25/201815.63 GiB | 15.48 GiB | 31.11 GiB |3.02 Mbit/s 02/26/201818.69 GiB | 18.49 GiB | 37.18 GiB |3.61 Mbit/s 02/27/201819.28 GiB | 19.07 GiB | 38.35 GiB |3.72 Mbit/s 02/28/201819.12 GiB | 18.92 GiB | 38.03 GiB |3.69 Mbit/s 03/01/201819.07 GiB | 18.92 GiB | 37.99 GiB |3.69 Mbit/s 03/02/201819.04 GiB | 18.89 GiB | 37.93 GiB |3.68 Mbit/s 03/03/201817.46 GiB | 17.22 GiB | 34.68 GiB |3.37 Mbit/s 03/04/201818.39 GiB | 18.16 GiB | 36.55 GiB |3.55 Mbit/s 03/05/201815.90 GiB | 15.82 GiB | 31.72 GiB |3.08 Mbit/s 03/06/201813.82 GiB | 13.83 GiB | 27.64 GiB |2.68 Mbit/s 03/07/201818.25 GiB | 18.09 GiB | 36.34 GiB |3.53 Mbit/s 03/08/201812.66 GiB | 12.64 GiB | 25.30 GiB |2.46 Mbit/s 03/09/201811.74 GiB | 11.74 GiB | 23.48 GiB |2.28 Mbit/s 03/10/201813.31 GiB | 13.32 GiB | 26.63 GiB |2.59 Mbit/s 03/12/201813.59 GiB | 13.64 GiB | 27.24 GiB |2.64 Mbit/s I switched to the newest dos mitigation version 0.3.2.10 on 03/05. I also had an internet outage of about 10 hours 03/11, and got a new ip address, so this relay is not a good example, perhaps. My thought was to leave things for another 2 weeks, and if I still have this lower throughput, then I will up the RelayBandwidthRate and RelayBandwidthBurst settings, which has been my very rough way to attract more or fewer connexions. I try to keep it under my ISP's radar at 1 T a month. --Torix Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On March 13, 2018 3:51 PM, mytormailwrote: > Hi, > > I am curious if your relay is back on speed now. > > I experience the same thing. Since the latest update my two "fast" > > relay's (around 5100KB) have now dropped to half the speed and seem to > > go slower as time goes by. Processor is hardly used, memory is no issue, > > logs seem okay. My other two relay's where a bit slower already and > > didn't change much in that regard. > > I just doesn't feel right if donated capacity isn't used. Maybe I have > > to wait it out a bit longer, hence my question. > > Edwin. > > On 11.03.2018 03:50, to...@protonmail.com wrote: > > > Dear All, > > > > On March 5 I changed to the newest version 3.2.10 on a middle relay I > > > > run. I went away for a few days, checked today, and found that my > > > > traffic is down, and my connexions, which were around 2,000 since > > > > December, are now about 1,000. Consensus weight is still the same > > > > (about 450) as it has been before. And my throughput is down from > > > > 35G/day, hitting that max most days to about 23-26G/day. > > > > Don't know if this is because it is a better Tor and is filtering out > > > > extra crap now or not, but just thought I'd mention it, as the Tor > > > > version is the only thing that changed. > > > > --Torix > > > > Sent with ProtonMail \[1\] Secure Email. > > > > Links: > > -- > > > > \[1\] https://protonmail.com > > > > tor-relays mailing list > > > > tor-relays@lists.torproject.org > > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
> Can you elaborate on your network topology and NAT? Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then out to the real world. In bound traffic comes via 95.130.8.11 then 9.130.8.120 It's NATted at 95.130.8.11 and all I see is this address connected to the system(ie all connections show as 95.130.8.11). My /etc/network/interface - the DNS server is temporary for testing. auto lo iface lo inet loopback auto enp4s0 iface enp4s0 inet static address 95.130.9.210 netmask 255.255.255.255 network 95.130.9.210 broadcast 95.130.9.210 dns-nameservers 95.130.8.8 95.130.8.9 #Route statique vers la passerelle up ip route add 95.130.9.1 dev enp4s0 up ip route add default via 95.130.9.1 up ip addr add 95.130.12.251/24 dev enp4s0 up ip addr add 95.130.12.252/24 dev enp4s0 # iface enp4s0 inet6 static # address 2a02:a80:0:1210::2 # netmask 64 # gateway 2a02:a80:0:1210::1 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] "Received http status code 404 ("Consensus is too old")" keeps popping up in my logs
I'm just wondering if there is anything I can do to resolve this. The relay is running ntpd and consistently keeps the right time, and I'm not getting this from any other server (it's the same IP address every time). Is this of concern or should I just ignore it? Will it hinder the relay's performance when I'm getting this error? Apologies for all the questions; I'm new to the mailing list. Sent with ProtonMail Secure Email. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
Paul Templeton: > Hi All, > > I have an ISP who has started NATting inbound traffic and has screwed > DNS resolution. Is there a way to bind DNS requests to use a specific > IP address (Have multiple) that is not affected with this NATting > problem. Can you elaborate on your network topology and NAT? With more information it will become easier for people to help you. -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay node requirements
> we need some recommendations on what setup is > needed as a minimum to be actually useful for the network. The relay guide might be of use to you: https://torproject.org/relay-guide#RelayRequirements > I've been checking on metrics.torproject.org on stats for my own node, > is that the best way to monitor the nodes? Relay Search does not show you any information on how much memory and CPU usage your relay is experiencing. And it does not send you an email when your relay is down. For these kind of things other systems are better, but relay search is a good place to see if your relay's consensus weight. https://torproject.org/relay-guide#Settingupoutagenotifications https://torproject.org/relay-guide#SystemHealthMonitoring -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP Nat
> and has screwed DNS resolution. ;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.8#53 ;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.9#53 This is the problem I'm having... 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] middle relay connexions dropped in half
Hi, I am curious if your relay is back on speed now. I experience the same thing. Since the latest update my two "fast" relay's (around 5100KB) have now dropped to half the speed and seem to go slower as time goes by. Processor is hardly used, memory is no issue, logs seem okay. My other two relay's where a bit slower already and didn't change much in that regard. I just doesn't feel right if donated capacity isn't used. Maybe I have to wait it out a bit longer, hence my question. Edwin. On 11.03.2018 03:50, to...@protonmail.com wrote: Dear All, On March 5 I changed to the newest version 3.2.10 on a middle relay I run. I went away for a few days, checked today, and found that my traffic is down, and my connexions, which were around 2,000 since December, are now about 1,000. Consensus weight is still the same (about 450) as it has been before. And my throughput is down from 35G/day, hitting that max most days to about 23-26G/day. Don't know if this is because it is a better Tor and is filtering out extra crap now or not, but just thought I'd mention it, as the Tor version is the only thing that changed. --Torix Sent with ProtonMail [1] Secure Email. Links: -- [1] https://protonmail.com ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay node requirements
Hi Sqrrm. There was previously the Oniontip site that supported relay and exit owners. It would be worth you reviewing that project on github as Tor infrastructure components were rewarded according to their throughput and consensus weight. S On March 13, 2018 2:24:42 PM UTC, sqrrmwrote: >The distributed bitcoin exchange Bisq is reliant on Tor as a >communication layer and as such dependent on its stability. To support >the network we're looking at incentivizing contributors to run their >own >Tor relay nodes. For this we need some recommendations on what setup is >needed as a minimum to be actually useful for the network. > >I've run a relay node on a dedicated server which seems to be quite a >bit of overkill, preferably it would run on as cheap a vps as possible. > >I've been checking on metrics.torproject.org on stats for my own node, >is that the best way to monitor the nodes? > >If this doesn't seem worthwhile pursuing, please let me know why and >I'll stop. > >Cheers > >sqrrm -- Spiros Andreou___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay node requirements
The distributed bitcoin exchange Bisq is reliant on Tor as a communication layer and as such dependent on its stability. To support the network we're looking at incentivizing contributors to run their own Tor relay nodes. For this we need some recommendations on what setup is needed as a minimum to be actually useful for the network. I've run a relay node on a dedicated server which seems to be quite a bit of overkill, preferably it would run on as cheap a vps as possible. I've been checking on metrics.torproject.org on stats for my own node, is that the best way to monitor the nodes? If this doesn't seem worthwhile pursuing, please let me know why and I'll stop. Cheers sqrrm signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay operators meetup @ CSOA Forte Prenestino, Rome, Italy
Dear relay operators and *Tor people, A number of people will participate this Thursday Thursday 15/03/18, 18:30 @ CSOA Forte Prenestino in Rome, Italy [1]. Hope to see many of you there. [1] https://blog.torproject.org/events/relay-operators-meetup-csoa-forte-prenestino-rome-italy Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162 signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] ISP Nat
Hi All, I have an ISP who has started NATting inbound traffic and has screwed DNS resolution. Is there a way to bind DNS requests to use a specific IP address (Have multiple) that is not affected with this NATting problem. Paul 609662E824251C283164243846C035C803940378 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays