[tor-relays] VPS/Tor Final Thoughts

[Kurt Besig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I thought it might be helpful to any other volunteer that may have
been silently following this thread to quickly post the issues with my
VPS Tor server that were resolved.

1. Setting up iptables allowed connections to my server.

2. Adding my server's [ip address] to the /etc/torrc resolved the
problem of tor attempting to connect to the "node" my server is on
rather than the actual ip my server is on.

3. Checking the user groups and permissions necessary to allow access
to tor files.

Other thoughts: As mentioned numerous times arm is a comfy frontend,
but certainly not necessary after investigating system tools such as
lsof and utilizing nload or munin. Also having ntp installed and
running is helpful I think.

Again thanks for all the help and have a very happy holiday season!
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWaDXxAAoJEJQqkaGlFNDPGh4H/0uDGiSIq9dYjDBNSIrVRoBQ
sBGjLdFhvdFSJ4dsTRPspAKC+6zg4FnGSj1isBFBmJOLIN71oIo6qXkrXoQgyS+Q
crnNYucyC6Vo8vQdK72QabuAJZGE2+VXfwTw/82NhldIQnKJzyfnjNKZYamR486y
KQJGzPHls2abZPu0zyx/ay7pZRUZWzGvfc1yShQ6yTsiVqCJk456aPRd0/rbkLMQ
dG/TOHHSOAJzMsZXk92rzk0JNBBYhwkOTiNyPQDd+S68IWyLXp5wC0hE4KTdRmf/
Osa8NIB3FQyYeg6XAjxZ1PhYSc8Lp91+K220znS/2lXStxjrdUFY4TU7119iYpA=
=a7HY
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] VPS/Tor

[Kurt Besig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I want to thank everyone for the multitude of great suggestions
regarding getting my relay up on a VPS. I reviewed every email and all
the input was useful.
The relay is up and running: E65D 300F 11E1 DB12 C534 B014 6BDA B697
2F1A 8A48
As well as my home relay: F527 3098 A711 F845 E5D1 A24F 9D38 F93B 86A0
F220
While all the information culminated in a successful outcome the
suggestion of installing ufw as a means of setting up iptables was
exceptionally valuable, thank you.
Hopefully in the future I can return the kindness.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWZZzuAAoJEJQqkaGlFNDPifYIAIGF6EZIxvuRCz2pTQa9+vg1
6OX1YJ/Z/fP4sGhhS+VtpGzhjewFf4Yv1FYXvWdRQWVW204Ms6wR6ibul4jLd58u
ENr75uDqK/ro8kLWQpWsLeJoh3zp8cAc5dpH/u9Itftj0o/td8fGVeV6YIOw9q3L
oA90pIVRNXun49Tb4cZjYm71+KBRwSekyXUoXccAcFzw+1WvLkW9TD8Xtd25/D7E
2VBfsYZinqia+7kqcCfUzoO4Ekg4JTkgBt/PkQ9eONz3w5g6+e52hh3kNurW3wfO
61BQ5Nq/0Q2u+cmgp+DItkD5+XSLPop8HZnwJM17M1nGxZ+/cBFYGZQmrlXpFUs=
=nGYI
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] VPS/Tor Almost There

[David Schulz]

Try other ports or ask the hoster, if he blocks ports?! Or try 80 and 
443, if there are free at your server.


---
Mit freundlichen Grüßen / Yours sincerely

David Schulz 

Am 06.12.2015 um 17:15 schrieb Kurt Besig:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks again for all the support everyone has bee extremely helpful.
So, I reinstalled the OS on the VPS: lsb_release -d
Description: Ubuntu 14.04.3 LTS
uname -r  2.6.32-042stab102.9

Finally solved all the permissions problems, paths are correct, tor
and arm open properly.
The problem now boils down to this:
The VPS isn't allowing Ports 9001 and 9030
Should I investigate further getting my iptables up and running or
just contact the admin and have them allow the ports?
As I mentioned previously even after saving the tables upon reboot
iptables -L shows no rules, the file is empty.

  :~$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
  Any further suggestions would be appreciated.

Thanks
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWZF8qAAoJEJQqkaGlFNDPO18H/2Axj4EeGf5joYQ3n2SH1cgs
HhDAawaiMaSKMcfC/Oc9TudwKAxkoY+QkhegZr5senNKXrXjNPeLucfejkRBiUoJ
8KLOZabSGH2Uf89JNa4ZFbf9QVIiU8GdNJ0vSGy55iAuJQl14ZUpDRQeNnGkmwb5
uhADchwTVjK7Pq+ELyG6OI6l0jlQ69TWCpgH4lnMjQ5U+Nr1QKyApxXqr1ap5Heb
KJmlwchTv4zAxX2eBc1DPqAXdc9OsvEsPG/r/zp4Z/wPWxsUTGoZWoXsWv4xyjPQ
xzAzUKD+b+AvqGQ3ehQbdXtg423kO7/amVidAzux8mDmMeZuFoP3tpfqLd8cH+s=
=uoin
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] VPS/Tor Almost There

[Kurt Besig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks again for all the support everyone has bee extremely helpful.
So, I reinstalled the OS on the VPS: lsb_release -d
Description: Ubuntu 14.04.3 LTS
uname -r  2.6.32-042stab102.9

Finally solved all the permissions problems, paths are correct, tor
and arm open properly.
The problem now boils down to this:
The VPS isn't allowing Ports 9001 and 9030
Should I investigate further getting my iptables up and running or
just contact the admin and have them allow the ports?
As I mentioned previously even after saving the tables upon reboot
iptables -L shows no rules, the file is empty.

 :~$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
 Any further suggestions would be appreciated.

Thanks
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJWZF8qAAoJEJQqkaGlFNDPO18H/2Axj4EeGf5joYQ3n2SH1cgs
HhDAawaiMaSKMcfC/Oc9TudwKAxkoY+QkhegZr5senNKXrXjNPeLucfejkRBiUoJ
8KLOZabSGH2Uf89JNa4ZFbf9QVIiU8GdNJ0vSGy55iAuJQl14ZUpDRQeNnGkmwb5
uhADchwTVjK7Pq+ELyG6OI6l0jlQ69TWCpgH4lnMjQ5U+Nr1QKyApxXqr1ap5Heb
KJmlwchTv4zAxX2eBc1DPqAXdc9OsvEsPG/r/zp4Z/wPWxsUTGoZWoXsWv4xyjPQ
xzAzUKD+b+AvqGQ3ehQbdXtg423kO7/amVidAzux8mDmMeZuFoP3tpfqLd8cH+s=
=uoin
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] VPS/Tor Almost There

[ZEROF]

David, low ports numbers are not good idea, he can have same issues. For my
firewall i need to use something more then 9000 to make my exit/relay to
work with my ISP.

On 6 December 2015 at 17:46, David Schulz  wrote:

> Try other ports or ask the hoster, if he blocks ports?! Or try 80 and 443,
> if there are free at your server.
>
> ---
> Mit freundlichen Grüßen / Yours sincerely
>
> David Schulz 
>
>
> Am 06.12.2015 um 17:15 schrieb Kurt Besig:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Thanks again for all the support everyone has bee extremely helpful.
>> So, I reinstalled the OS on the VPS: lsb_release -d
>> Description: Ubuntu 14.04.3 LTS
>> uname -r  2.6.32-042stab102.9
>>
>> Finally solved all the permissions problems, paths are correct, tor
>> and arm open properly.
>> The problem now boils down to this:
>> The VPS isn't allowing Ports 9001 and 9030
>> Should I investigate further getting my iptables up and running or
>> just contact the admin and have them allow the ports?
>> As I mentioned previously even after saving the tables upon reboot
>> iptables -L shows no rules, the file is empty.
>>
>>   :~$ iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source   destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source   destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source   destination
>>   Any further suggestions would be appreciated.
>>
>> Thanks
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2.0.22 (MingW32)
>>
>> iQEcBAEBAgAGBQJWZF8qAAoJEJQqkaGlFNDPO18H/2Axj4EeGf5joYQ3n2SH1cgs
>> HhDAawaiMaSKMcfC/Oc9TudwKAxkoY+QkhegZr5senNKXrXjNPeLucfejkRBiUoJ
>> 8KLOZabSGH2Uf89JNa4ZFbf9QVIiU8GdNJ0vSGy55iAuJQl14ZUpDRQeNnGkmwb5
>> uhADchwTVjK7Pq+ELyG6OI6l0jlQ69TWCpgH4lnMjQ5U+Nr1QKyApxXqr1ap5Heb
>> KJmlwchTv4zAxX2eBc1DPqAXdc9OsvEsPG/r/zp4Z/wPWxsUTGoZWoXsWv4xyjPQ
>> xzAzUKD+b+AvqGQ3ehQbdXtg423kO7/amVidAzux8mDmMeZuFoP3tpfqLd8cH+s=
>> =uoin
>> -END PGP SIGNATURE-
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>



-- 
http://www.backbox.org
http://www.pentester.iz.rs
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] VPS/Tor Almost There

[Damian Busby]

The issue with the iptables rules not being loaded has to do with a script
not being installed. On Debian it is iptables-persistent, and seems to be
the same for Ubuntu. Once that is installed, you can save the rules you
want reloaded by running:

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

That is the default location for the files that the init.d script will load
at startup.

Hope this helps and let me know if you have any more questions or I got
anything wrong.

Damian (The other one)


On Sun, Dec 6, 2015 at 8:53 AM ZEROF  wrote:

> David, low ports numbers are not good idea, he can have same issues. For
> my firewall i need to use something more then 9000 to make my exit/relay to
> work with my ISP.
>
> On 6 December 2015 at 17:46, David Schulz  wrote:
>
>> Try other ports or ask the hoster, if he blocks ports?! Or try 80 and
>> 443, if there are free at your server.
>>
>> ---
>> Mit freundlichen Grüßen / Yours sincerely
>>
>> David Schulz 
>>
>>
>> Am 06.12.2015 um 17:15 schrieb Kurt Besig:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> Thanks again for all the support everyone has bee extremely helpful.
>>> So, I reinstalled the OS on the VPS: lsb_release -d
>>> Description: Ubuntu 14.04.3 LTS
>>> uname -r  2.6.32-042stab102.9
>>>
>>> Finally solved all the permissions problems, paths are correct, tor
>>> and arm open properly.
>>> The problem now boils down to this:
>>> The VPS isn't allowing Ports 9001 and 9030
>>> Should I investigate further getting my iptables up and running or
>>> just contact the admin and have them allow the ports?
>>> As I mentioned previously even after saving the tables upon reboot
>>> iptables -L shows no rules, the file is empty.
>>>
>>>   :~$ iptables -L
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source   destination
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source   destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source   destination
>>>   Any further suggestions would be appreciated.
>>>
>>> Thanks
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v2.0.22 (MingW32)
>>>
>>> iQEcBAEBAgAGBQJWZF8qAAoJEJQqkaGlFNDPO18H/2Axj4EeGf5joYQ3n2SH1cgs
>>> HhDAawaiMaSKMcfC/Oc9TudwKAxkoY+QkhegZr5senNKXrXjNPeLucfejkRBiUoJ
>>> 8KLOZabSGH2Uf89JNa4ZFbf9QVIiU8GdNJ0vSGy55iAuJQl14ZUpDRQeNnGkmwb5
>>> uhADchwTVjK7Pq+ELyG6OI6l0jlQ69TWCpgH4lnMjQ5U+Nr1QKyApxXqr1ap5Heb
>>> KJmlwchTv4zAxX2eBc1DPqAXdc9OsvEsPG/r/zp4Z/wPWxsUTGoZWoXsWv4xyjPQ
>>> xzAzUKD+b+AvqGQ3ehQbdXtg423kO7/amVidAzux8mDmMeZuFoP3tpfqLd8cH+s=
>>> =uoin
>>> -END PGP SIGNATURE-
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
>
> --
> http://www.backbox.org
> http://www.pentester.iz.rs
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] VPS/Tor Almost There

[Tim Wilson-Brown - teor]

Hi Kurt,

You need to know the public IPv4 address of your relay.
Until you have the address correct, it's hard to tell whether you need to open 
any ports or not.
>  Dec 05 21:17:46.000 [notice] Your IP address seems to have changed
>  to 167.114.35.28 (METHOD=INTERFACE). Updating. Dec 05 21:17:46.000
>  [notice] Our IP Address has changed from 142.4.217.95 to
>  167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
>  Dec 05 21:18:42.000 [notice] Your IP address seems to have changed
>  to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com 
> ).
>  Updating. Dec 05 21:18:42.000 [notice] Our IP Address has changed
>  from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source:
>  METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com 
> ). Dec 05
>  21:18:43.000 [notice] Self-testing indicates your ORPort is
>  reachable from the outside. Excellent. Publishing server
>  descriptor. Dec 05 21:38:37.000 [warn] Your server
>  (142.4.217.95:9030) has not managed to confirm that its DirPort is
>  reachable. Please check your firewalls, ports, address, /etc/hosts
>  file, etc. Dec 05 21:58:37.000 [warn] Your server
>  (142.4.217.95:9030) has not managed to confirm that its DirPort is
>  reachable. Please check your firewalls, ports, address, /etc/hosts
>  file, etc.
> I've gotten this far, not being much good at networking I can't tell
> where the problem lies.. do I need to forward something?
> 

Tor is receiving two different IP addresses using two different methods of 
working out your VPS IP address:
* gethostname() on ca3.pulseservers.com  returns 
142.4.217.95
* an OS-specific interface address system call returns 167.114.35.28

Please find out from your admin which IPv4 address you should use, and specify 
it using the "Address" option in your torrc.
(Or, alternately, make a connection to 
http://www.myipaddress.com/show-my-ip-address/ 
 or similar from the VPS, and 
look at the address it returns.)

> On 7 Dec 2015, at 03:15, Kurt Besig  wrote:
> 
> The VPS isn't allowing Ports 9001 and 9030
> Should I investigate further getting my iptables up and running or
> just contact the admin and have them allow the ports?


Once you know the correct IPv4 address, try launching Tor again, and give it 20 
minutes to check reachability.
If it still complains that it can't reach your ORPort or DirPort, then ask your 
admin if they need to open ports to a VPS.
(From your previous posts, it looks like the ports are not being blocked on the 
VPS OS itself.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays