[tor-relays] SocksPort flags trouble
Nick Mathewson
nickm at freehaven.net
Tue Jul 17 13:34:08 UTC 2012
On Tue, Jul 17, 2012 at 12:07 AM, Scott Bennett <bennett at cs.niu.edu> wrote:
> Hi Nick,
> On Wed, 11 Jul 2012 11:33:52 -0400 Nick Mathewson <nickm at freehaven.net>
> wrote:
>>On Sun, Jul 8, 2012 at 4:19 AM, Scott Bennett <bennett at cs.niu.edu> wrote:
>>> While testing my torrc with 0.2.3.18-rc, I tried adding the
>>> IsolateDestAddr flag to the SocksPort line, as in
>>>
>>> SocksPort 9050 IsolateDestAddr
>>>
>>> A "tor --verify-config" claimed that I was trying to specify more
>>> than one port on that line, which would be an error. Are the SocksPort
>>> flags listed in the tor man page for 0.2.3.18-rc not yet implemented?
>>
>>Just tried it with 0.2.3.18-rc (as tagged in git), using only that
>>option. It worked for me. Could you have had some other tor in your
>>path as "tor", or something like that?
>>
> No. Here's sample output.
>
> Script started on Mon Jul 16 22:56:43 2012
>
> [hellas] 74 % sudo -u _tor tor --verify-config
> Jul 16 22:57:03.186 [notice] Tor v0.2.3.18-rc running on FreeBSD.
> Jul 16 22:57:03.187 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
> Jul 16 22:57:03.211 [notice] Read configuration file "/usr/local/etc/tor/torrc".
> Jul 16 22:57:03.256 [warn] SocksListenAddress can only be used with a single SocksPort with value "auto" or 1-65535.
> Jul 16 22:57:03.256 [warn] Failed to parse/validate config: Invalid SocksPort/SocksListenAddress configuration
> Jul 16 22:57:03.256 [err] Reading config failed--see warnings above.
> [hellas] 75 % exit
> exit
>
> Script done on Mon Jul 16 22:57:42 2012
>
> Lines in torrc beginning with "Socks" are as follows.
>
> SocksPort 9050 IsolateDestAddr # what port to open for local application connections
> SocksListenAddress 127.0.0.1 # accept connections only from localhost
> SocksPolicy accept 127.0.0.1:*
> SocksPolicy accept 192.168.0.0/16:*
> SocksPolicy reject *:*
>
The problem with that is nothing about the SocksPort: it's about the
SocksListenAddress. You can't use SocksListenAddress with the new
SocksPort format. Instead you would need to say:
SocksPort 127.0.0.1:9050 IsolateDestAddr
--
Nick
More information about the tor-relays
mailing list