Opened 10 months ago

Closed 7 months ago

Last modified 7 months ago

#28296 closed defect (wontfix)

Nyx shows wrong IP address for ControlPort connection

Reported by: wagon
Owned by: atagar
Priority: Medium
Milestone:
Component: Core Tor/Nyx
Version: Tor: 0.3.4.8
Severity: Normal
Keywords:
Cc: atagar
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Nyx (2.0.4 installed using python3-pip) connects to Tor's ControlPort through 127.0.0.1:9051, but in the window with circuit and other connections it shows

127.0.0.1:PORT (??) --> REAL_IP_ADDRESS:9051 nyx (XXX) + 1.8m (CONTROL)

where REAL_IP_ADDRESS is the real source IP for outgoing Tor packets to the Internet. In this setup Tor is not listening at REAL_IP_ADDRESS:9051, i.e. nyx's information is confusing. Instead of the real IP, 127.0.0.1 must be written:

127.0.0.1:PORT (??) --> 127.0.0.1:9051 nyx (XXX) + 1.8m (CONTROL)

Change History (6)

comment:1 Changed 10 months ago by wagon

Component: Applications → Core Tor/Nyx
Keywords: nyx removed
Reviewer: atagar

comment:2 Changed 10 months ago by atagar

Status: assigned → needs_information

Hi wagon. Localhost connections (127.0.0.1) are replaced with your externally facing IP when we can because this *is* your address to the wider world. Showing localhost would be pretty unhelpful.

Displaying either address is correct. Did you have any other questions?

comment:3 Changed 10 months ago by wagon

> Localhost connections (127.0.0.1) are replaced with your externally facing IP when we can because this *is* your address to the wider world.

I think you don't understand my point. I'm not speaking about circuit connections, where everything is correct now. I'm speaking about Nyx's (and similar tools using ControlPort) own connections to ControlPort.

The Tor daemon normally listens at 127.0.0.1:9051. Nyx initiates the connection to 127.0.0.1:9051 from, suppose, 127.0.0.1:12345. Any connection monitor such as netstat or ss (but not Nyx) will display it as

127.0.0.1:12345 -> 127.0.0.1:9051

It doesn't have any relation to the public IP, which Tor is using to send its data outside.

However, indeed, you can configure your Tor to listen at public_IP:9051 (e.g., if you want to allow its control from outside). In that case the local connection in ss or netstat would look like

public_IP:12345 -> public_IP:9051

In the first case writing (this is what Nyx is doing)

127.0.0.1:12345 -> public_IP:9051

is absolutely incorrect, because the TCP port at the address public_IP:9051 is not open! Run ss -ltpn and you will see that.
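The check described in the comment above, as an added example that is not part of the original ticket or of Nyx's code: it parses `ss -ltn`-style output, tests whether a displayed destination endpoint is actually a listening socket, and reports any non-loopback binding of the ControlPort. The sample output and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not taken from the ticket):
# ControlPort bound to loopback only, ORPort bound to every interface.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       4096    127.0.0.1:9051      0.0.0.0:*
LISTEN  0       4096    0.0.0.0:9001        0.0.0.0:*
LISTEN  0       128     [::1]:9050          [::]:*
"""

def parse_listeners(ss_output):
    """Return a set of (address, port) for every LISTEN row."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        found.add((addr, int(port)))
    return found

def accepts(listeners, addr, port):
    """True if a TCP connection to the local address addr:port would be accepted."""
    target = ipaddress.ip_address(addr)
    for laddr, lport in listeners:
        if lport != port:
            continue
        if laddr == "*":  # ss prints * for a dual-stack wildcard bind
            return True
        bound = ipaddress.ip_address(laddr)
        if bound == target or (bound.is_unspecified and bound.version == target.version):
            return True
    return False

def non_loopback_binds(listeners, port):
    """Bound addresses through which `port` is reachable from outside loopback."""
    return sorted(
        laddr for laddr, lport in listeners
        if lport == port and (laddr == "*" or not ipaddress.ip_address(laddr).is_loopback)
    )

if __name__ == "__main__":
    ls = parse_listeners(SAMPLE_SS)
    print("127.0.0.1:9051 listening:", accepts(ls, "127.0.0.1", 9051))
    print("203.0.113.7:9051 listening:", accepts(ls, "203.0.113.7", 9051))
    print("ControlPort exposed on:", non_loopback_binds(ls, 9051))
```

An empty result from `non_loopback_binds` for port 9051 confirms the ControlPort is reachable only over loopback, whatever address a monitoring tool chooses to display.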

comment:4 Changed 9 months ago by wagon

By the way: I don't know how it is handled in modern Nyx, but what is written in the arm screenshot for INBOUND and OUTBOUND connections is also wrong. If some clever port/address redirection is not used at the relay's side, public_IP:9001 must be written instead of localhost:9001 (similarly also for other ports). localhost is 127.0.0.1. Tor accepts inbound traffic at its public_IP, and uses public_IP as a source IP for outgoing TCP packets to other relays.

comment:5 Changed 7 months ago by atagar

Resolution: wontfix
Status: needs_information → closed

Hi wagon. I see what you mean, you're right that it's more accurate to display your controller connection as...

127.0.0.1:43230        -->  127.0.0.1:9051

... rather than...

127.0.0.1:43230        -->  97.113.4.188:9051

That said, I still prefer the latter because inbound/outbound connections display 97.113.4.188 for 'me'. Either approach will cause confusion (showing 127.0.0.1 because it does not match other connection types, or 97.113.4.188 because the connection isn't truly with our externally facing endpoint).

Think I'm gonna opt to keep this as it is.

comment:6 Changed 7 months ago by wagon

As you said in another ticket, Nyx is for power users and developers who know what they are doing. Network terminology cannot easily be mapped to human's "inbound-outbound", and everybody got used to it. Each server can have multiple network interfaces, a few virtual machines, and a few address aliases. Inbound/outbound is always defined with respect to a particular network interface; it is in no way related to physically outgoing packets to the network. However, everybody knows that physically outgoing packets are those which are outbound for non-virtual interfaces connected to the internet physically. I see no reason why we have to redefine standard terms.

If you really want to preserve inbound/outbound as reserved terms for "inbound-outbound physically", it is better to use some reserved word instead of 127.0.0.1 or 97.113.4.188. It shouldn't be the hostname, because the hostname is an alias for 97.113.4.188, but you could use "me" or a similar word. Nevertheless, writing "me:9051" is also misleading, because specifying a port without specifying the network interface where this port is opened is too dumb. It is like telling a house number without the street name.

Since Nyx is officially supported and promoted by Tor Project, I'd like other Tor people to participate in Nyx-related discussions too. It is not good when one person resolves everything, where no external opinion, review or appeal can be done. Please ask somebody else to judge the issue in this ticket.