Opened 13 days ago

Last modified 9 days ago

#28296 needs_information defect

Nyx shows wrong IP address for ControlPort connection

Reported by: wagon Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Nyx Version: Tor:
Severity: Normal Keywords:
Cc: atagar Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Nyx (2.0.4 installed using python3-pip) connects to Tor's ControlPort through, but in the window with circuit and other connections it shows (??) --> REAL_IP_ADDRESS:9051 nyx (XXX) + 1.8m (CONTROL)

where REAL_IP_ADDRESS is a real source IP for outgoing Tor packets to Internet. In this setup Tor is not listening at REAL_IP_ADDRESS:9051, i.e. nyx's information is confusing. Instead of real IP must be written: (??) --> nyx (XXX) + 1.8m (CONTROL)

Child Tickets

Change History (4)

comment:1 Changed 13 days ago by wagon

Component: ApplicationsCore Tor/Nyx
Keywords: nyx removed
Reviewer: atagar

comment:2 Changed 12 days ago by atagar

Status: assignedneeds_information

Hi wagon. Localhost connections ( are replaced with your externally facing IP when we can because this *is* your address to the wider world. Showing localhost would be pretty unhelpful.

Displaying either address is correct. Did you have any other questions?

comment:3 Changed 11 days ago by wagon

Localhost connections ( are replaced with your externally facing IP when we can because this *is* your address to the wider world.

I think you don't understand my point. I don't speak about circuits connections, where everything is correct now. I speak about Nyx (and similar tools using ControlPort) own connections to ControlPort.

Tor daemon normally listens at Nyx initiates the connection to from, suppose, Any connections monitor such as netstat or ss (but not Nyx) will display it as ->

It doesn't have any relation to public IP, which Tor is using to send its data outside.

However, indeed, you can configure your Tor to listen at public_IP:9051 (e.g., if you want to allow its control from outside). In that case local connection in ss or netstat would look like

public_IP:12345 -> public_IP:9051

In the first case writing (this is what Nyx is doing) -> public_IP:9051

is absolutely incorrect, because TCP port at the address public_IP:9051 is not open! Run ss -ltpn and you will see that.

comment:4 Changed 9 days ago by wagon

By the way: I don't know how it is handled in modern Nyx, but what is written in arm screenshot for INBOUND and OUTBOUND connections is also wrong. If some clever port/address redirection is not used at relay's side, public_IP:9001 must be written instead of localhost:9001 (similarly also for other ports). localhost is Tor accepts inbound traffic at its public_IP, and use public_IP as a source IP for outgoing TCP packets to other relays.

Note: See TracTickets for help on using tickets.