Opened 13 days ago

Last modified 9 days ago

#28296 needs_information defect

Nyx shows wrong IP address for ControlPort connection

Reported by: wagon Owned by: atagar
Priority: Medium Milestone:
Component: Core Tor/Nyx Version: Tor: 0.3.4.8
Severity: Normal Keywords:
Cc: atagar Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Nyx (2.0.4 installed using python3-pip) connects to Tor's ControlPort through 127.0.0.1:9051, but in the window with circuit and other connections it shows

127.0.0.1:PORT (??) --> REAL_IP_ADDRESS:9051 nyx (XXX) + 1.8m (CONTROL)

where REAL_IP_ADDRESS is a real source IP for outgoing Tor packets to Internet. In this setup Tor is not listening at REAL_IP_ADDRESS:9051, i.e. nyx's information is confusing. Instead of real IP 127.0.0.1 must be written:

127.0.0.1:PORT (??) --> 127.0.0.1:9051 nyx (XXX) + 1.8m (CONTROL)

Child Tickets

Change History (4)

comment:1 Changed 13 days ago by wagon

Component: ApplicationsCore Tor/Nyx
Keywords: nyx removed
Reviewer: atagar

comment:2 Changed 12 days ago by atagar

Status: assignedneeds_information

Hi wagon. Localhost connections (127.0.0.1) are replaced with your externally facing IP when we can because this *is* your address to the wider world. Showing localhost would be pretty unhelpful.

Displaying either address is correct. Did you have any other questions?

comment:3 Changed 11 days ago by wagon

Localhost connections (127.0.0.1) are replaced with your externally facing IP when we can because this *is* your address to the wider world.

I think you don't understand my point. I don't speak about circuits connections, where everything is correct now. I speak about Nyx (and similar tools using ControlPort) own connections to ControlPort.

Tor daemon normally listens at 127.0.0.1:9051. Nyx initiates the connection to 127.0.0.1:9051 from, suppose, 127.0.0.1:12345. Any connections monitor such as netstat or ss (but not Nyx) will display it as

127.0.0.1:12345 -> 127.0.0.1:9051

It doesn't have any relation to public IP, which Tor is using to send its data outside.

However, indeed, you can configure your Tor to listen at public_IP:9051 (e.g., if you want to allow its control from outside). In that case local connection in ss or netstat would look like

public_IP:12345 -> public_IP:9051

In the first case writing (this is what Nyx is doing)

127.0.0.1:12345 -> public_IP:9051

is absolutely incorrect, because TCP port at the address public_IP:9051 is not open! Run ss -ltpn and you will see that.

comment:4 Changed 9 days ago by wagon

By the way: I don't know how it is handled in modern Nyx, but what is written in arm screenshot for INBOUND and OUTBOUND connections is also wrong. If some clever port/address redirection is not used at relay's side, public_IP:9001 must be written instead of localhost:9001 (similarly also for other ports). localhost is 127.0.0.1. Tor accepts inbound traffic at its public_IP, and use public_IP as a source IP for outgoing TCP packets to other relays.

Note: See TracTickets for help on using tickets.