Re: [tor-relays] ISP Nat

[teor]

> On 14 Mar 2018, at 01:28, Paul Templeton  wrote:
> 
> Thanks nusenu
> 
>> I'd say this is broken network and ask them to fix it.
> Ticket has been lodge but it takes for ever to get something done - The node 
> has been off line for two weeks now (After a power issue in the rack). There 
> has been issue after issue getting the system up again and now this. Was just 
> wondering if you can force DNS requests on ip's 95.130.12.251 and/or 
> 95.130.12.252 as they are not affected.

Tor doesn't have a DNS OutboundBindAddress, but there are two ways you
can do it:
* change the default route to one of these IP addresses
* run a caching resolver, and tell it to bind to one of these IP addresses

I would recommend using a caching resolver, it puts much less load on the
remote resolvers you are using.

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] middle relay connexions dropped in half

[teor]

> On 13 Mar 2018, at 20:51, mytormail  wrote:
> 
> I just doesn't feel right if donated capacity isn't used.

Oh, but your relay's spare capacity *is* used.
Just not the way you think.

A congested relay is a slow and unstable relay.

A relay with extra capacity has lower latency, and can deal with
unexpected traffic peaks.

We expect relays to use 30% - 60% of their capacity.
But I think we'd like 10% - 20% for the best latency.

Also, the network is still adjusting after the bandwidth authorities
being down for a few days, and a million extra clients leaving the
network. So it might take a few weeks for bandwidth to balance
out.

T
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP Nat

[Paul Templeton]

Thanks nusenu

> I'd say this is broken network and ask them to fix it.
Ticket has been lodge but it takes for ever to get something done - The node 
has been off line for two weeks now (After a power issue in the rack). There 
has been issue after issue getting the system up again and now this. Was just 
wondering if you can force DNS requests on ip's 95.130.12.251 and/or 
95.130.12.252 as they are not affected.

If not I can run it as a middle for now... SIGH

Paul

609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP Nat

[nusenu]

>> Can you elaborate on your network topology and NAT?
> 
> Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then 
> out to the real world.

outbound:
[ 95.130.9.210 ] --> [outbound gw 95.130.9.1 ] --> [2th hop 95.130.8.1 ] --> 
inet

> In bound traffic comes via 95.130.8.11 then 9.130.8.120

inbound:
[ 95.130.9.210 ] <--  [ 9.130.8.120 ]  <-- [SNAT:95.130.8.11 ] <-- inet
 
> It's NATted at 95.130.8.11 and all I see is this address connected to the 
> system(ie all connections show as 95.130.8.11).
> 
> My /etc/network/interface - the DNS server is temporary for testing.


If I understood you correctly and they are simply replacing the source IP of 
all incoming
packets I'd say this is broken network and ask them to fix it.
(it will break more than just DNS resolution
unless they are NATing only on specific protocols [udp] and ports [53]).


 

> auto enp4s0
> iface enp4s0 inet static
> address 95.130.9.210
> netmask 255.255.255.255
> network 95.130.9.210
> broadcast 95.130.9.210
> dns-nameservers 95.130.8.8 95.130.8.9
> #Route statique vers la passerelle
> up ip route add 95.130.9.1 dev enp4s0
> up ip route add default via 95.130.9.1
> 
> up ip addr add 95.130.12.251/24 dev enp4s0
> up ip addr add 95.130.12.252/24 dev enp4s0



-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] middle relay connexions dropped in half

[torix]

Yes, I have experienced the same thing; my throughput is slower as well.  Not 
only have I dropped from about 2,000 connexions to 1, 000; my rate has gone 
down as well:
 #vnstat -d
 02/21/201816.83 GiB |   16.59 GiB |   33.42 GiB |3.24 Mbit/s
 02/22/201818.73 GiB |   18.49 GiB |   37.21 GiB |3.61 Mbit/s
 02/23/201817.38 GiB |   17.20 GiB |   34.58 GiB |3.36 Mbit/s
 02/24/201819.16 GiB |   18.94 GiB |   38.11 GiB |3.70 Mbit/s
 02/25/201815.63 GiB |   15.48 GiB |   31.11 GiB |3.02 Mbit/s
 02/26/201818.69 GiB |   18.49 GiB |   37.18 GiB |3.61 Mbit/s
 02/27/201819.28 GiB |   19.07 GiB |   38.35 GiB |3.72 Mbit/s
 02/28/201819.12 GiB |   18.92 GiB |   38.03 GiB |3.69 Mbit/s
 03/01/201819.07 GiB |   18.92 GiB |   37.99 GiB |3.69 Mbit/s
 03/02/201819.04 GiB |   18.89 GiB |   37.93 GiB |3.68 Mbit/s
 03/03/201817.46 GiB |   17.22 GiB |   34.68 GiB |3.37 Mbit/s
 03/04/201818.39 GiB |   18.16 GiB |   36.55 GiB |3.55 Mbit/s
 03/05/201815.90 GiB |   15.82 GiB |   31.72 GiB |3.08 Mbit/s
 03/06/201813.82 GiB |   13.83 GiB |   27.64 GiB |2.68 Mbit/s
 03/07/201818.25 GiB |   18.09 GiB |   36.34 GiB |3.53 Mbit/s
 03/08/201812.66 GiB |   12.64 GiB |   25.30 GiB |2.46 Mbit/s
 03/09/201811.74 GiB |   11.74 GiB |   23.48 GiB |2.28 Mbit/s
 03/10/201813.31 GiB |   13.32 GiB |   26.63 GiB |2.59 Mbit/s

 03/12/201813.59 GiB |   13.64 GiB |   27.24 GiB |2.64 Mbit/s

I switched to the newest dos mitigation version 0.3.2.10 on 03/05.
I also had an internet outage of about 10 hours 03/11, and got a new ip 
address, so this relay is not a good example, perhaps.
My thought was to leave things for another 2 weeks, and if I still have this 
lower throughput, then I will up the RelayBandwidthRate and RelayBandwidthBurst 
settings, which has been my very rough way to attract more or fewer connexions. 
 I try to keep it under my ISP's radar at 1 T a month.

--Torix  

​Sent with ProtonMail Secure Email.​

‐‐‐ Original Message ‐‐‐

On March 13, 2018 3:51 PM, mytormail  wrote:

> Hi,
> 
> I am curious if your relay is back on speed now.
> 
> I experience the same thing. Since the latest update my two "fast"
> 
> relay's (around 5100KB) have now dropped to half the speed and seem to
> 
> go slower as time goes by. Processor is hardly used, memory is no issue,
> 
> logs seem okay. My other two relay's where a bit slower already and
> 
> didn't change much in that regard.
> 
> I just doesn't feel right if donated capacity isn't used. Maybe I have
> 
> to wait it out a bit longer, hence my question.
> 
> Edwin.
> 
> On 11.03.2018 03:50, to...@protonmail.com wrote:
> 
> > Dear All,
> > 
> > On March 5 I changed to the newest version 3.2.10 on a middle relay I
> > 
> > run. I went away for a few days, checked today, and found that my
> > 
> > traffic is down, and my connexions, which were around 2,000 since
> > 
> > December, are now about 1,000. Consensus weight is still the same
> > 
> > (about 450) as it has been before. And my throughput is down from
> > 
> > 35G/day, hitting that max most days to about 23-26G/day.
> > 
> > Don't know if this is because it is a better Tor and is filtering out
> > 
> > extra crap now or not, but just thought I'd mention it, as the Tor
> > 
> > version is the only thing that changed.
> > 
> > --Torix
> > 
> > Sent with ProtonMail \[1\] Secure Email.
> > 
> > Links:
> > --
> > 
> > \[1\] https://protonmail.com
> > 
> > tor-relays mailing list
> > 
> > tor-relays@lists.torproject.org
> > 
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> tor-relays mailing list
> 
> tor-relays@lists.torproject.org
> 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP Nat

[Paul Templeton]

> Can you elaborate on your network topology and NAT?

Out bound traffic from 95.130.9.210 goes via 95.130.9.1 then 95.130.8.1 then 
out to the real world.
In bound traffic comes via 95.130.8.11 then 9.130.8.120

It's NATted at 95.130.8.11 and all I see is this address connected to the 
system(ie all connections show as 95.130.8.11).

My /etc/network/interface - the DNS server is temporary for testing.

auto lo
iface lo inet loopback

auto enp4s0
iface enp4s0 inet static
address 95.130.9.210
netmask 255.255.255.255
network 95.130.9.210
broadcast 95.130.9.210
dns-nameservers 95.130.8.8 95.130.8.9
#Route statique vers la passerelle
up ip route add 95.130.9.1 dev enp4s0
up ip route add default via 95.130.9.1

up ip addr add 95.130.12.251/24 dev enp4s0
up ip addr add 95.130.12.252/24 dev enp4s0


# iface enp4s0 inet6 static
# address 2a02:a80:0:1210::2
# netmask 64
# gateway 2a02:a80:0:1210::1

609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] "Received http status code 404 ("Consensus is too old")" keeps popping up in my logs

[nottryingtobelame]

I'm just wondering if there is anything I can do to resolve this. The relay is 
running ntpd and consistently keeps the right time, and I'm not getting this 
from any other server (it's the same IP address every time). Is this of concern 
or should I just ignore it? Will it hinder the relay's performance when I'm 
getting this error? Apologies for all the questions; I'm new to the mailing 
list.


​Sent with ProtonMail Secure Email.​
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP Nat

[nusenu]

Paul Templeton:
> Hi All,
> 
> I have an ISP who has started NATting inbound traffic and has screwed
> DNS resolution. Is there a way to bind DNS requests to use a specific
> IP address (Have multiple) that is not affected with this NATting
> problem.

Can you elaborate on your network topology and NAT?

With more information it will become easier for people to help you.

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay node requirements

[nusenu]

> we need some recommendations on what setup is
> needed as a minimum to be actually useful for the network.

The relay guide might be of use to you:

https://torproject.org/relay-guide#RelayRequirements
 
> I've been checking on metrics.torproject.org on stats for my own node,
> is that the best way to monitor the nodes?

Relay Search does not show you any information on how much memory and CPU 
usage your relay is experiencing. And it does not send you an email when
your relay is down.

For these kind of things other systems are better, but relay search is a good 
place to see if your relay's consensus weight.

https://torproject.org/relay-guide#Settingupoutagenotifications
https://torproject.org/relay-guide#SystemHealthMonitoring





-- 
https://mastodon.social/@nusenu
twitter: @nusenu_



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] ISP Nat

[Paul Templeton]

> and has screwed DNS resolution. 

;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.8#53
;; reply from unexpected source: 95.130.8.11#53, expected 95.130.8.9#53

This is the problem I'm having...

609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] middle relay connexions dropped in half

[mytormail]

Hi,

I am curious if your relay is back on speed now.
I experience the same thing. Since the latest update my two "fast" 
relay's (around 5100KB) have now dropped to half the speed and seem to 
go slower as time goes by. Processor is hardly used, memory is no issue, 
logs seem okay. My other two relay's where a bit slower already and 
didn't change much in that regard.
I just doesn't feel right if donated capacity isn't used. Maybe I have 
to wait it out a bit longer, hence my question.


Edwin.



On 11.03.2018 03:50, to...@protonmail.com wrote:

Dear All,

On March 5 I changed to the newest version 3.2.10 on a middle relay I
run. I went away for a few days, checked today, and found that my
traffic is down, and my connexions, which were around 2,000 since
December, are now about 1,000. Consensus weight is still the same
(about 450) as it has been before. And my throughput is down from
35G/day, hitting that max most days to about 23-26G/day.

Don't know if this is because it is a better Tor and is filtering out
extra crap now or not, but just thought I'd mention it, as the Tor
version is the only thing that changed.

--Torix

Sent with ProtonMail [1] Secure Email.



Links:
--
[1] https://protonmail.com

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relay node requirements

[Spiros Andreou]

Hi Sqrrm. 

There was previously the Oniontip site that supported relay and exit owners. It 
would be worth you reviewing that project on github as Tor infrastructure 
components were rewarded according to their throughput and consensus weight. 

S

On March 13, 2018 2:24:42 PM UTC, sqrrm  wrote:
>The distributed bitcoin exchange Bisq is reliant on Tor as a
>communication layer and as such dependent on its stability. To support
>the network we're looking at incentivizing contributors to run their
>own
>Tor relay nodes. For this we need some recommendations on what setup is
>needed as a minimum to be actually useful for the network.
>
>I've run a relay node on a dedicated server which seems to be quite a
>bit of overkill, preferably it would run on as cheap a vps as possible.
>
>I've been checking on metrics.torproject.org on stats for my own node,
>is that the best way to monitor the nodes?
>
>If this doesn't seem worthwhile pursuing, please let me know why and
>I'll stop.
>
>Cheers
>
>sqrrm

-- 
Spiros Andreou___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay node requirements

[sqrrm]

The distributed bitcoin exchange Bisq is reliant on Tor as a
communication layer and as such dependent on its stability. To support
the network we're looking at incentivizing contributors to run their own
Tor relay nodes. For this we need some recommendations on what setup is
needed as a minimum to be actually useful for the network.

I've run a relay node on a dedicated server which seems to be quite a
bit of overkill, preferably it would run on as cheap a vps as possible.

I've been checking on metrics.torproject.org on stats for my own node,
is that the best way to monitor the nodes?

If this doesn't seem worthwhile pursuing, please let me know why and
I'll stop.

Cheers

sqrrm




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relay operators meetup @ CSOA Forte Prenestino, Rome, Italy

[Vasilis]

Dear relay operators and *Tor people,

A number of people will participate this Thursday Thursday 15/03/18, 18:30 @
CSOA Forte Prenestino in Rome, Italy [1].

Hope to see many of you there.

[1]
https://blog.torproject.org/events/relay-operators-meetup-csoa-forte-prenestino-rome-italy


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] ISP Nat

[Paul Templeton]

Hi All,

I have an ISP who has started NATting inbound traffic and has screwed DNS 
resolution. Is there a way to bind DNS requests to use a specific IP address 
(Have multiple) that is not affected with this NATting problem.

Paul

609662E824251C283164243846C035C803940378

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays