Opened 5 years ago

Closed 22 months ago

#11363 closed defect (not a bug)

QR,DIR ports bind to 0.0.0.0 even when I tell tor otherwise.

Reported by: jpl
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version: Tor: 0.2.4.20
Severity: Normal
Keywords:
Cc: ciscoiptech@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hello,

I am running a Tor middle relay on a high-bandwidth connection but am running into a problem which is causing me more frustration than needed.

I have multiple virtual IPs on my server's NIC. I only want ports 9030, 443 and outgoing connections to be available on 1 virtual IP. In order to accomplish that I have added the following configuration to Vidalia.

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AccountingMax 11811160064000
AccountingStart month 1 00:00
ContactInfo tor-relay-harrry at comcast dot net
ControlPort 9051
DataDirectory C:/Users/jt/AppData/Roaming/tor
DirPort 192.223.27.139:9030
DirReqStatistics 0
ExitPolicy reject *:*
HashedControlPassword 16:0FD1F531889C1EA360F45BB687F6635983F68D781254B999BC7EDB0200
Log notice stdout
Nickname BeefTits
ORPort 192.223.27.139:443
OutboundBindAddress 192.223.27.139
RelayBandwidthBurst 30720000
RelayBandwidthRate 10240000
SocksPolicy reject *
SocksPort 9050

The problem is TOR.exe looks for the ports on my default NIC IP address of 63.251.20.61:443 and 63.251.20.61:9031.

=====================================================================
Mar 29 00:03:59.678 [Notice] Now checking whether ORPort 63.251.20.61:443 and DirPort 63.251.20.61:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
======================================================================
Because I have communication blocked on these ports, the reachability test fails.
======================================================================
Mar 29 00:23:58.649 [Warning] Your server (63.251.20.61:443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Mar 29 00:23:58.650 [Warning] Your server (63.251.20.61:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
======================================================================

Is it possible for the service to only use the ports that I am specifying? If I leave the default ports open then port 443 is open on my main server IP, which I do not want.

Additionally, if I have the configuration set up with the default ports set, i.e. not specifying an ip:port in the config in Vidalia, when I click on Settings/Sharing the box "Relay traffic inside the Tor network (non-exit relay)" is checked as expected.

As soon as I edit the configuration like I have above and specify the ip:port allocations, the button goes to "Run as client only" by itself, and it overwrites the configuration I added and defaults the configuration to specify just the ports 443 and 9031, which means bind to 0.0.0.0, i.e. 63.251.20.61.

Question: is there a way to specify outgoing and incoming port allocations to one virtual IP on the IP stack?

Why is it using the default IP when I am specifically telling it not to do so?

I also see the ports being used in the sniffer output so the software is ignoring my configuration for port:ip bindings.

Thanks,

Justin

Change History (5)

comment:1 Changed 5 years ago by jpl

And here it is with the default settings, which works fine; it's only when I try to specify the incoming port:ip associations to something other than 0.0.0.0

Mar 29 00:31:10.211 [Notice] Now checking whether ORPort 63.251.20.61:443 and DirPort 63.251.20.61:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Mar 29 00:31:10.973 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Mar 29 00:31:11.543 [Notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Mar 29 00:31:11.543 [Notice] Not advertising DirPort (Reason: AccountingMax enabled)
Mar 29 00:31:13.837 [Notice] Performing bandwidth self-test...done.

comment:2 Changed 5 years ago by jpl

When I use the default ports in the config 443 is open for attack on my main server IP.

Status | Port | Name | Result | Time (ms)
x | 21 | ftp | An operation was attempted on something that is not a socket 63.251.20.61:21 | 0
x | 22 | ssh | An operation was attempted on something that is not a socket 63.251.20.61:22 | 0
x | 23 | telnet | An operation was attempted on something that is not a socket 63.251.20.61:23 | 0
x | 25 | smtp | An operation was attempted on something that is not a socket 63.251.20.61:25 | 0
x | 53 | dns | An operation was attempted on something that is not a socket 63.251.20.61:53 | 0
x | 80 | http | An operation was attempted on something that is not a socket 63.251.20.61:80 | 0
x | 110 | pop3 | An operation was attempted on something that is not a socket 63.251.20.61:110 | 0
x | 143 | imap | An operation was attempted on something that is not a socket 63.251.20.61:143 | 0
x | 139 | netbios | An operation was attempted on something that is not a socket 63.251.20.61:139 | 0
x | 389 | ldap | An operation was attempted on something that is not a socket 63.251.20.61:389 | 0
ok | 443 | https | Success | 42
x | 587 | msa-outlook | Timeout | 0
x | 1352 | lotus notes | An operation was attempted on something that is not a socket 63.251.20.61:1352 | 0
x | 1433 | sql server | Timeout | 0
x | 3306 | my sql | Timeout | 0
x | 3389 | remote desktop | Timeout | 0
x | 8080 | webcache | An operation was attempted on something that is not a socket 63.251.20.61:8080 | 0

comment:3 Changed 5 years ago by nickm

Milestone: Tor: 0.2.4.x-final → Tor: unspecified

Try setting the Address configuration option as well?

comment:4 Changed 5 years ago by nickm

Milestone: Tor: unspecified

Removing tickets with non-Tor components from "Tor:Unspecified"

comment:5 Changed 22 months ago by teor

Component: Archived/Vidalia → Core Tor/Tor
Resolution: not a bug
Severity: Normal
Status: new → closed

For the record, this user needed to set the Address option.
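
Added example (not part of the ticket or of Tor's code): a small torrc check for the situation in this ticket, where ORPort/DirPort are pinned to one IP but Address is not set, so the relay self-tests on a different address. The helper names and the sample text are assumptions made for illustration; the sample is built from the listener lines in the description.

```python
import ipaddress

# Constructed sample: the listener lines from the torrc in the description.
REPORTED = """\
DirPort 192.223.27.139:9030
ORPort 192.223.27.139:443
OutboundBindAddress 192.223.27.139
"""

def parse_torrc(text):
    """Map lower-cased option name -> list of values (comments/blanks skipped)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def bind_ip(value):
    """IP from '[address:]port [flags]'; None when only a port is given."""
    host, sep, _port = value.split()[0].rpartition(":")
    return str(ipaddress.ip_address(host.strip("[]"))) if sep else None

def lint(text):
    """Return findings for ORPort/DirPort lines (hypothetical helper)."""
    opts = parse_torrc(text)
    address = (opts.get("address") or [None])[-1]
    findings = []
    for name in ("ORPort", "DirPort"):
        for value in opts.get(name.lower(), []):
            if value.split()[0] == "0":      # port 0 disables the listener
                continue
            ip = bind_ip(value)
            if ip is None:
                findings.append(f"{name} {value}: no IP, listens on every interface")
            elif address is None:
                findings.append(f"{name} {value}: bound to {ip}, Address is unset")
            elif address != ip:
                # A hostname in Address also lands here: it cannot be compared as text.
                findings.append(f"{name} {value}: bound to {ip}, Address is {address}")
    return findings

if __name__ == "__main__":
    for finding in lint(REPORTED):
        print(finding)
```

On the reporter's configuration this reports both listeners as bound to 192.223.27.139 with Address unset; adding `Address 192.223.27.139` clears the findings.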
