Perplexing Tor server issues
Claude LaFrenière
climenole at gmail.com
Thu Sep 14 23:57:37 UTC 2006
Hi *Caitlin* :
> Hi all.
>
> My Tor server set-up:
>
> WinXP (SP2)
> Tor 0.1.1.23
> Privoxy 3.0.3
> Earthlink ADSL
>
> I seem to be seeing an *excessive* number of log entries of the form:
>
> Sep 14 16:03:27:562 [Notice] connection_ap_expire_beginning(): We tried
> for 15 seconds to connect to '[scrubbed]' using exit 'cbadhjkssdhjbc'.
> Retrying on a new circuit.
I guess it's not a problem. If I understand, this warning message means
that the connection was impossible via this node and Tor will try
another one...
>
> in addition to:
>
> Sep 14 16:10:47:375 [Warning] second_elapsed_callback(): Your server
> (68.166.243.253:9001) has not managed to confirm that its ORPort is
> reachable. Please check your firewalls, ports, address, /etc/hosts
> file, etc.
>
> Any ideas? I configured the Tor Server to have an exit node (port 80),
> server port 9001, update IP automatically, Bandwidth Limit Rates:
> (2048-6048), Accept * 80. I'm currently running the 'personal firewall'
> that ships with XP as well as 'McAfee Personal Firewall Plus'. Do I
> need to explicitly open port 9001(?) If so, can someone provide a brief
> 'run through'?
Possibly a firewall configuration problem...

1- You say you run McAfee FW AND XP [half]FW?
   You must use ONE firewall, not 2...

2- If McAfee FW is a rule set firewall, here are some hints for you
   (I'm using Look'n'Stop so you have to find the equivalent for your own FW)

Rules for the Tor server: TCP protocol only and rules specific to tor.exe

1- Server rules:

   Give access from all ports and internet IP addresses to your local port
   9001 (Tor server)
   and
   9030 (9030 mirror server directory) if you set Vidalia for this

   This rule must be placed immediately before the rules blocking the
   incoming TCP packets with the flag SYN...

2- Client and exit rules:

   These rules must be placed AFTER the rule blocking
   incoming TCP packets with the flag SYN...

   client:
   from your local ports 1024 to 5000
   to remote ports 9001 and 9030
   To access the Tor servers

   from your local ports 1024 to 5000
   to remote ports 80 (Http) and 443 (Https)
   (This is for tor.exe and Vidalia)

   and give an exit for the port you set in your exit policies such as:
   remote port 110 smtp
   remote port 119 Nntp
   and so on...

   the rule is
   from your local ports 1024 to 5000
   to the local port corresponding to the exit policy...
Please note that the following Registry entries may be changed
for better operation of Tor with Windows XP, as far as I know:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort
set the value to 10000 (this increases the number of local ports used:
default is 5000, here it is 10000). Put the same values in your FW rules...
So instead of 1024 to 5000, set 1024 to 10000

TcpTimedWaitDelay
set the value to 30 (means 30 seconds; this increases the speed of the Fin_Wait
state of finished connections. The default value is about 4 minutes !!!)
If your FW is not a rule set FW: good luck... ;-)
Hope this helps.
Let us know.
:)
--
Claude LaFrenière
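
Added example, not part of the original message: a small first-match packet-filter model showing why the reply's rule order matters for the ORPort. It assumes the firewall stops at the first matching rule and blocks unmatched traffic; the rule names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out"
    local_port: int
    remote_port: int
    syn: bool = False   # True for a bare SYN (new connection attempt)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "allow" or "block"
    direction: str
    local_ports: range = range(0, 65536)
    remote_ports: range = range(0, 65536)
    syn_only: bool = False

    def matches(self, p):
        return (p.direction == self.direction
                and p.local_port in self.local_ports
                and p.remote_port in self.remote_ports
                and (p.syn or not self.syn_only))

def evaluate(rules, packet):
    """First matching rule decides; unmatched packets are blocked (assumed model)."""
    for r in rules:
        if r.matches(packet):
            return r.action, r.name
    return "block", "default"

# Rules taken from the reply; the names are hypothetical.
OR_PORT = Rule("tor-orport", "allow", "in", local_ports=range(9001, 9002))
DIR_PORT = Rule("tor-dirport", "allow", "in", local_ports=range(9030, 9031))
BLOCK_SYN = Rule("block-inbound-syn", "block", "in", syn_only=True)
CLIENT = [Rule(f"tor-out-{port}", "allow", "out", local_ports=range(1024, 5001),
               remote_ports=range(port, port + 1)) for port in (9001, 9030, 80, 443)]

GOOD_ORDER = [OR_PORT, DIR_PORT, BLOCK_SYN, *CLIENT]
BAD_ORDER = [BLOCK_SYN, OR_PORT, DIR_PORT, *CLIENT]   # server rules placed too late

# Constructed packets: an inbound connection attempt to the ORPort, and an
# outbound connection from the local port range to a remote HTTPS port.
probe = Packet("in", local_port=9001, remote_port=40000, syn=True)
outbound = Packet("out", local_port=2000, remote_port=443, syn=True)

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(rules, probe), evaluate(rules, outbound))
```

With the server rules after the SYN block, the inbound connection to port 9001 is dropped before the allow rule is reached, which is the condition under which a server cannot confirm that its ORPort is reachable.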
More information about the tor-talk mailing list