[tor-relays] Relay appears to be broken
Hi, I just setup a relay on some spare hardware I had around, but it doesn't appear to be functioning properly. It bootstraps fine, and the WAN ports are open. Additionally, the relay doesn't appear to be listed in the relay directory, either.However, the only connections appear to be to directory authorities, and for the life of me I can't work out what the issue is. This is the log from tor systemd service: https://pastebin.com/KsyNnBBq If anyone could help, it would be greatly appreciated. publickey - tor-node-op@protonmail.com - 0x9B7CE347.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] My Family
Okay, then I have another question about MyFamily. Is the only correct format MyFamily fingerprint1,fingerprint2,fingerprint3 or can I put in: MyFamily #relay 1 fingerprint1 #relay 2 fingerprint2 #relay 3 fingerprint3 I end up with a file in the second format so I know which fingerprint is which, but then creating the comma separated one line format to put in the relays. --Torix ‐‐‐ Original Message ‐‐‐ On Monday, July 26th, 2021 at 6:41 AM, Roger Dingledine wrote: > On Sun, Jul 25, 2021 at 08:36:20AM -0500, Kathi wrote: > > > I'm running three relays. Is it necessary to list all three relays in > > > > my family on each relay? > > Yes, please do list them all. > > The first reason is that it helps clients make safe routing decisions: > > by signaling to the clients that these relays are all controlled by you, > > Tor clients can make sure not to use more than one of your relays in any > > of the paths they build. > > The second reason is actually for your safety: if you are signaling to > > clients to avoid using more than one of your relays in their paths, then > > the temptation is lower for somebody to come hassle you into revealing > > data and/or watch your network connection. > > And the third reason is to help everybody know which relays are really > > yours. We've had some problems over the past year with jerks trying to > > run harmful relays, and one of their tricks to stay hard to notice has > > been to find groups of relays that look like a family but that haven't > > set up their MyFamily lines properly, and try to blend in with those. So > > if you run three relays but don't set your MyFamily properly, we can't > > tell the difference between that and "you run two relays and some jerk > > is trying to blend their relay into your two". > > Thanks for running relays! > > (Oh. As Roman says in the other reply, technically there's no need to > > list yourself in your MyFamily line. That is, every relay is implicitly > > already in its own family. But for logistical reasons, it's probably > > easier to just use the same MyFamily line for all three relays.) > > --Roger > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Is my node dropping packets?
Hi, my Tor node is inside a local network protected by a firewall. Only port 9001 is NATted towards the Tor server. Moreover, I have iptables active on the Tor server itself. The outer firewall blocks any incoming packet except for packets on port 9001 and returning packets from established connections. My iptables blocks several packets which were allowed through by the outer firewall, where I assume they are recognized as returning packets from established connections. Then my local iptables drops them. I can't understand why. You can find here an extract from my Tor node "iptables -L -n" and a typical day's log of dropped packets on the Tor node: https://easyupload.io/m/48if5l Many packets coming from other Tor nodes where dropped. The Tor log doesn't mention any problem. What may be wrong? -- Bye, Marco https://metrics.torproject.org/rs.html#details/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] My Family
On Tue, Jul 27, 2021 at 01:56:09PM +, torix wrote: > Okay, then I have another question about MyFamily. Is the only correct format > MyFamily fingerprint1,fingerprint2,fingerprint3 > or can I put in: > MyFamily > #relay 1 > fingerprint1 > #relay 2 > fingerprint2 > #relay 3 > fingerprint3 > > I end up with a file in the second format so I know which fingerprint is > which, but then creating the comma separated one line format to put in the > relays. According to the MyFamily entry in 'man torrc', you can do it either all on one line, or each on its own line. But in the 'each on its own line' case you still need to set MyFamily at the beginning of each line. MyFamily fingerprint,fingerprint,... Declare that this Tor relay is controlled or administered by a group or organization identical or similar to that of the other relays, defined by their (possibly $-prefixed) identity fingerprints. This option can be repeated many times, for convenience in defining large families: all fingerprints in all MyFamily lines are merged into one list. When two relays both declare that they are in the same 'family', Tor clients will not use them in the same circuit. (Each relay only needs to list the other servers in its family; it doesn't need to list itself, but it won't hurt if it does.) Do not list any bridge relay as it would compromise its concealment. If you run more than one relay, the MyFamily option on each relay must list all other relays, as described above. Note: do not use MyFamily when configuring your Tor instance as a bridge. There is even a third option, where you end each line with a backslash, which tells Tor that these multiple lines are actually just one long line: To split one configuration entry into multiple lines, use a single backslash character (\) before the end of the line. Comments can be used in such multiline entries, but they must start at the beginning of a line. I.e. you could use your above approach with one fingerprint per line, without saying MyFamily on each one of them, if you added a backslash at the end of each fingerprint. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay Bandwidth/Burst Change
On Tue, Jul 27, 2021 at 09:41:30PM -0500, Kathi wrote: > I set torrc bandwidth/Burst to 5 MBs/6MBs respectively How do you set them? By changing your /etc/tor/torrc file? Or some other way like using nyx? > Then I get @7pm Local: > > Received reload signal (hup). Reloading config and resetting internal > state. > Read configuration file "/usr/share/tor/tor-service-defaults-torrc". > Read configuration file "/etc/tor/torrc". Sounds like you are using the tor deb, or some other package which does logrotation and thus automatically hups your Tor each day. > After the above happens I'm back to Kb second. > > If I understand correctly, torrc is the 'go to' default and > those settings [*should be*] used. Yes. > So why is the bandwidth/Burst being changed? Which > is REALLY annoying. There must be another setting > somewhere in Tor that I am missing? It really comes down to how you are doing the config changes. Some approaches, like doing changes via "setconf" on the control port, are transient and are replaced by what's in the torrc files after a hup. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Updates to Tor Bridge?
Hi! You could go with TheOnionPack. Greetings, Ralph Gesendet: Montag, 26. Juli 2021 um 02:39 Uhr Von: dotherightthing...@protonmail.com An: tor-relays@lists.torproject.org Betreff: [tor-relays] Updates to Tor Bridge? Hello everyone, I recently started running a Tor Bridge on my Windows 10 PC. How do I update it? Does updating the Tor Browser app update my Bridge? Or is there a method to doing this? Thanks! Sent from ProtonMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay Bandwidth/Burst Change
I set torrc bandwidth/Burst to 5 MBs/6MBs respectively Then I get @7pm Local: Received reload signal (hup). Reloading config and resetting internal state. Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Read configuration file "/etc/tor/torrc". After the above happens I'm back to Kb second. If I understand correctly, torrc is the 'go to' default and those settings [*should be*] used. So why is the bandwidth/Burst being changed? Which is REALLY annoying. There must be another setting somewhere in Tor that I am missing? Thank you for your help! ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
