Re: [tor-relays] Unbelieveable

2015-12-05 Thread Sean Greenslade
> > Check your firewall, and gateway port forwards if the server is
> > behind a NAT. If you're not sure where to start, post the output of
> > "sudo iptables -L"
> > 
> > --Sean
> > 
> I've made several iptables and saved them, I thought, however every
> time I reboot the VPS all my rules are gone.
> ~$ sudo iptables -L
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> 
> 
> but:
>  cat /etc/iptables.rules
> # Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
> *raw
> :PREROUTING ACCEPT [2424:210831]
> :OUTPUT ACCEPT [1856:540218]
> COMMIT
> # Completed on Fri Dec  4 04:30:56 2015
> # Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
> *nat
> :PREROUTING ACCEPT [229:8057]
> :POSTROUTING ACCEPT [86:5885]
> :OUTPUT ACCEPT [86:5885]
> COMMIT
> # Completed on Fri Dec  4 04:30:56 2015
> # Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
> *mangle
> :PREROUTING ACCEPT [2424:210831]
> :INPUT ACCEPT [2424:210831]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1856:540218]
> :POSTROUTING ACCEPT [1856:540218]
> COMMIT
> # Completed on Fri Dec  4 04:30:56 2015
> # Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [581:184073]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -j DROP
> COMMIT
> # Completed on Fri Dec  4 04:30:56 2015
> 
> 
> > 3:/etc/network$ cat interfaces
> > # This configuration file is auto-generated.
> > #
> > # WARNING: Do not edit this file, your changes will be lost.
> > # Please create/edit /etc/network/interfaces.head and
> > # /etc/network/interfaces.tail instead, their contents will be
> > # inserted at the beginning and at the end of this file, respectively.
> > #
> > # NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
> > # will be at the very end of this file.
> > #
> >
> > # Auto generated lo interface
> > auto lo
> > iface lo inet loopback
> >
> > # Auto generated venet0 interface
> > auto venet0
> > iface venet0 inet manual
> >     up ifconfig venet0 up
> >     up ifconfig venet0 127.0.0.2
> >     up route add default dev venet0
> >     down route del default dev venet0
> >     down ifconfig venet0 down
> >
> >
> > iface venet0 inet6 manual
> >     up route -A inet6 add default dev venet0
> >     down route -A inet6 del default dev venet0
> >
> > auto venet0:0
> > iface venet0:0 inet static
> >     address 167.114.35.28
> >     netmask 255.255.255.255
> >
> > cat sysctl.conf
> >
> > # Uncomment the next line to enable packet forwarding for IPv4
> > net.ipv4.ip_forward=1
> >
> > # Uncomment the next line to enable packet forwarding for IPv6
> > # Enabling this option disables Stateless Address Autoconfiguration
> > # based on Router Advertisements for this host
> > net.ipv6.conf.all.forwarding=1

iptables doesn't automatically load anything on boot; it starts with a
clean slate. Most distros have a preferred way of loading that save file
on boot, typically a service of some sort. Check your distro's docs for
the specifics.

But before you go enabling the firewall, verify that the tor process is
binding to the ports correctly. Restart the VPS, make sure tor is
running, then run the following:

"sudo lsof | grep LISTEN"

It should output something like this:

> sshd  398       root  3u  IPv4  104876616  0t0  TCP *:ssh (LISTEN)
> sshd  398       root  4u  IPv6  104876623  0t0  TCP *:ssh (LISTEN)
> tor   1129      _tor  6u  IPv4  105943714  0t0  TCP *:https (LISTEN)
> tor   1129      _tor  7u  IPv4  105943715  0t0  TCP *:http (LISTEN)
> tor   1129 1130 _tor  6u  IPv4  105943714  0t0  TCP *:https (LISTEN)
> tor   1129 1130 _tor  7u  IPv4  105943715  0t0  TCP *:http (LISTEN)

Note that I'm using the HTTP(S) ports for my relay, you should see the
ports you have selected for ORPort and DIRPort. Also note the asterisk
indicating that it is listening on all network interfaces. If it only
lists one specific interface, ensure that it is the correct
(internet-facing) interface.

--Sean
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
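
The bind check described in the message above, as an added example that is not part of the thread: it classifies each relay port as bound to all interfaces, bound to one address, or not listening. The function name `bind_status` and the sample listing are constructed for illustration; ports 9001 and 9030 are the ones opened in the firewall rules posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Live use, with numeric ports:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | bind_status 9001 9030

# Constructed sample listing: ORPort on every interface, DirPort bound
# to loopback only (a bind the outside world cannot reach).
SAMPLE='COMMAND  PID USER FD TYPE DEVICE    SIZE/OFF NODE NAME
sshd     398 root 3u IPv4 104876616 0t0      TCP  *:22 (LISTEN)
tor     1129 _tor 6u IPv4 105943714 0t0      TCP  *:9001 (LISTEN)
tor     1129 _tor 7u IPv4 105943715 0t0      TCP  127.0.0.1:9030 (LISTEN)'

# bind_status PORT...
# Reads an lsof listing on stdin and prints one "port status" line per
# requested port, in the order given.
bind_status() {
    awk -v ports="$*" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. *:9001 or [::1]:9030
            n = split(name, part, ":")
            port = part[n]
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (addr == "*" || addr == "[::]")
                seen[port] = "all-interfaces"
            else if (seen[port] != "all-interfaces") {
                # A wildcard bind, once seen, is not downgraded.
                if (addr ~ /^127\./ || addr == "[::1]")
                    seen[port] = "loopback-only:" addr
                else
                    seen[port] = "specific:" addr
            }
        }
        END {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in seen) ? seen[want[i]] : "not-listening")
        }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | bind_status 9001 9030
```

A `specific:` result is only a problem when the address is not the internet-facing one; `not-listening` means the firewall is not yet the thing to debug.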


Re: [tor-relays] Unbelieveable

2015-12-05 Thread john saylor
On 12/04/15 00:07, I wrote:
> I thought I was joining a loose but passionate, clever and idealistic 
> community.
> I thought I would learn just being a listener and building my knowledge of 
> security and servers.


disappointments result from expectations.

i have learned some things by reading this list. i have learned other
things as well.


-- 
\js: !


Re: [tor-relays] Unbelieveable

2015-12-05 Thread Kenneth Freeman


On 12/03/2015 10:09 PM, Michael McConville wrote:
> Kurt Besig wrote:
>> Well. even a doctor would make a few suggestions based on some sort of
>> experience based reasoning. Perhaps some connection problems
>> associated with running tor-arm on a VPS vs. a home server...things of
>> that nature. Also I was just wondering as I don't see many of the
>> relay operators that used to post to this list around anymore, has
>> something changed to make them move on??
>> Lots of people whining about their consensus weight numbers, but
>> little of substance being posted.
> 
> The people who know what they're doing can quickly, reliably
> set-and-forget relays. That's the ideal scenario - tweaking knobs is
> mostly a liability and performance issues are a development concern.

This is very much the case.




Re: [tor-relays] Unbelieveable

2015-12-05 Thread Kurt Besig
On 12/4/2015 8:25 PM, Damian Johnson wrote:
> For what it's worth process permissions aren't at play here. Arm
> is failing to talk with the control port - permissions could cause
> us to be unable to read the authentication cookie, but that would
> be a different message.
> 
> Cheers! -Damian
> 
> 
> On Fri, Dec 4, 2015 at 5:36 PM, Manager Bahia del Sol LLC 
>  wrote:
>> 
>> No worries,
>> 
>> Are you sure the user or group is debian_tor? The default is
>> debian-tor in Ubuntu.
>> 
>> If that isn't the problem,
>> 
>> First I would be sure tor is actually running. top or top -u
>> debian-tor The second will show if tor is actually running as the
>> user you think it is.
>> 
>> If it is, then see if it is listening on the control port sudo
>> netstat -ntlp | grep LISTEN
>> 
>> If it is I would suspect that either a firewall is blocking that
>> port. If you have one running try shutting it down for a few
>> minutes while you try to start arm.
>> 
>> Or maybe it is a permissions issue where arm is not running as
>> the same user as tor. You could try starting arm as root to see
>> if it would start. But, do not run arm as root full time. Only
>> try to start it as a test.
>> 
>> 
>> 
>> -- Manager of Bahia del Sol LLC
>> 
>> 
> Dec 05 21:17:46.000 [notice] Your IP address seems to have changed to 167.114.35.28 (METHOD=INTERFACE). Updating.
> Dec 05 21:17:46.000 [notice] Our IP Address has changed from 142.4.217.95 to 167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
> Dec 05 21:18:42.000 [notice] Your IP address seems to have changed to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com). Updating.
> Dec 05 21:18:42.000 [notice] Our IP Address has changed from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source: METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com).
> Dec 05 21:18:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
> Dec 05 21:38:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
> Dec 05 21:58:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
I've gotten this far, not being much good at networking I can't tell
where the problem lies.. do I need to forward something?



Re: [tor-relays] Unbelieveable

2015-12-05 Thread Kurt Besig
On 12/5/2015 3:20 PM, Sean Greenslade wrote:
>>> Dec 05 21:17:46.000 [notice] Your IP address seems to have changed to 167.114.35.28 (METHOD=INTERFACE). Updating.
>>> Dec 05 21:17:46.000 [notice] Our IP Address has changed from 142.4.217.95 to 167.114.35.28; rebuilding descriptor (source: METHOD=INTERFACE).
>>> Dec 05 21:18:42.000 [notice] Your IP address seems to have changed to 142.4.217.95 (METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com). Updating.
>>> Dec 05 21:18:42.000 [notice] Our IP Address has changed from 167.114.35.28 to 142.4.217.95; rebuilding descriptor (source: METHOD=GETHOSTNAME HOSTNAME=ca3.pulseservers.com).
>>> Dec 05 21:18:43.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
>>> Dec 05 21:38:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>>> Dec 05 21:58:37.000 [warn] Your server (142.4.217.95:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>> I've gotten this far, not being much good at networking I can't
>> tell where the problem lies.. do I need to forward something?
> Check your firewall, and gateway port forwards if the server is
> behind a NAT. If you're not sure where to start, post the output of
> "sudo iptables -L"
> 
> --Sean
> 
I've made several iptables and saved them, I thought, however every
time I reboot the VPS all my rules are gone.
~$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination


but:
 cat /etc/iptables.rules
# Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
*raw
:PREROUTING ACCEPT [2424:210831]
:OUTPUT ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec  4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
*nat
:PREROUTING ACCEPT [229:8057]
:POSTROUTING ACCEPT [86:5885]
:OUTPUT ACCEPT [86:5885]
COMMIT
# Completed on Fri Dec  4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
*mangle
:PREROUTING ACCEPT [2424:210831]
:INPUT ACCEPT [2424:210831]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1856:540218]
:POSTROUTING ACCEPT [1856:540218]
COMMIT
# Completed on Fri Dec  4 04:30:56 2015
# Generated by iptables-save v1.4.21 on Fri Dec  4 04:30:56 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [581:184073]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9052 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Fri Dec  4 04:30:56 2015


> 3:/etc/network$ cat interfaces
> # This configuration file is auto-generated.
> #
> # WARNING: Do not edit this file, your changes will be lost.
> # Please create/edit /etc/network/interfaces.head and
> # /etc/network/interfaces.tail instead, their contents will be
> # inserted at the beginning and at the end of this file, respectively.
> #
> # NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
> # will be at the very end of this file.
> #
>
> # Auto generated lo interface
> auto lo
> iface lo inet loopback
>
> # Auto generated venet0 interface
> auto venet0
> iface venet0 inet manual
>     up ifconfig venet0 up
>     up ifconfig venet0 127.0.0.2
>     up route add default dev venet0
>     down route del default dev venet0
>     down ifconfig venet0 down
>
>
> iface venet0 inet6 manual
>     up route -A inet6 add default dev venet0
>     down route -A inet6 del default dev venet0
>
> auto venet0:0
> iface venet0:0 inet static
>     address 167.114.35.28
>     netmask 255.255.255.255
>
> cat sysctl.conf
>
> # Uncomment the next line to enable packet forwarding for IPv4
> net.ipv4.ip_forward=1
>
> # Uncomment the next line to enable packet forwarding for IPv6
> # Enabling this option disables Stateless Address Autoconfiguration
> # based on Router Advertisements for this host
> net.ipv6.conf.all.forwarding=1


Re: [tor-relays] Unbelieveable

2015-12-05 Thread ZEROF
Just build new torrc, that fixed my issue.

cd /etc/tor/
cp torrc torrc.bak
touch torrc

Use this for torrc (nano torrc), replace some info to match your relay

http://0bin.net/paste/tdUuzTHwZI-BRWQy#JPmufzd+g0W0cx0WyB4g0iU12jU0WFpZRWtKVg6iDbS

When you are done:

service tor restart

Then,

sudo -u debian-tor arm

I use screen session for this.


-- 
http://www.backbox.org
http://www.pentester.iz.rs