[tor-relays] why my exit is not being used?
gustavo panizzo (gfa)
gfa at zumbi.com.ar
Mon Jan 30 15:46:54 UTC 2017
On Mon, Jan 30, 2017 at 03:12:46PM +1100, teor wrote:
>
> > On 30 Jan 2017, at 14:35, gustavo panizzo (gfa) <gfa at zumbi.com.ar> wrote:
> >
> > On Mon, Jan 30, 2017 at 12:03:40PM +1100, teor wrote:
> >
> >> Hi,
> >>
> >> Please send us your actual torrc:
> >
> > that's my actual torrc, I've only edited HashedControlPassword
>
> Then please reload your torrc so that your tor process is using it.
What I meant to say is that I edited HashedControlPassword on the email
>
> >> * your torrc has a DirPort, but your relay on atlas does not
> >> (this might be because you have a bandwidth limit set)
> >> * your torrc says IPv6Exit, but your relay on atlas does not exit to
> >> IPv6
> >
> > Port is open, tor is listening. no fw rules for IPv6
>
> That's the ORPort, an entry port.
You are right, tor wasn't listening on the DirPort on IPv6. I've fixed
that a few hours ago.
>
> You say you have IPv6Exit and an ExitPolicy set in the torrc.
I have exit rules for both, same rules apply to both protocols. An tor
knows it
Tor[22587]: tor_addr_parse_mask_ports(): '*:6881-6999' expands into
rules which apply to all IPv4 and IPv6 addresses. (Use accept/reject
*4:* for IPv4 or accept[6]/reject[6] *6:* for IPv6.)
Tor[22587]: tor_addr_parse_mask_ports(): '*:*' expands into rules which
apply to all
IPv4 and IPv6 addresses. (Use accept/reject *4:* for IPv4 or
accept[6]/reject[6] *6:* for IPv6.)
>
> But your relay does not exit to IPv6, both atlas (IPv6 Exit Policy
> Summary) and your relay's descriptor (ipv6-policy) show that it does not
> allow any IPv6 ports:
>
> https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
>
> (large file)
> https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-01-29-12-05-00-server-descriptors
>
> Either that, or there is a bug in Tor relating to IPv6 Exit policies.
> But I can't see anywhere in the code that makes the IPv6 exit policy
> dependent on anything except ExitPolicy and IPv6Exit.
>
> Are there any log entries relating to IPv6 or exit policies?
See above
[...snip...]
>
>
> Does your kernel, config, VPS, or provider place a limit on the number
> of connections?
Yes, when the relay was a non-exit relay it used to have more
connections
I'll play with sysctl to see if I can get the number to go up
>
> (Search the list archives for detailed troubleshooting steps for this.)
>
> Your relay also does not seem capable of handling much tor traffic, so
> tor clients are being told not to use it:
>
> (large page)
> https://consensus-health.torproject.org/consensus-health-2017-01-30-02-00.html#5E762A58B1F7FF92E791A1EA4F18695CAC6677CE
>
I will read it and try to make sense out of it, I'm a sysadmin but I
only have a few months of running tor experience.
thanks for your responses, I'll check the links you provided now that IPv6
DirPort is working, although it shouldn't make much difference as most
of the world is still using IPv4
--
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
keybase: https://keybase.io/gfa
More information about the tor-relays
mailing list