Re: [tor-relays] Is the public information for relays trustable?
It's not clear what you're asking. What "information" exactly. Etc. Please put each question in one paragraph or line dedicated to that question. If reaching the DA's is the only blockage, you should be able to setup your host's routing table and packet filters to send the DA's ip traffic to them over bridge or vpn. Probably no one has really tested that yet. And there may surely be other issues to investigate. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor ContactInfo generator
Ian, the Python code is here: https://github.com/erans/torcontactinfoparser Eran On Sat, Nov 10, 2018 at 3:03 PM Eran Sandler wrote: > I'll put it in a repo soon. I haven't published it yet. > > Eran > > On Sat, Nov 10, 2018, 9:25 AM Iain Learmonth >> Hi Eran, >> >> On 10/11/18 17:02, Eran Sandler wrote: >> > I did this code with Python that parses and validates it. I can make >> > something quickly in JS for that as well. >> >> Awesome. (: >> >> Where was the Python code? That might be useful for another project I am >> working on. >> >> Thanks, >> Iain. >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] How To Update The Tor Expert Bundle To Tor 0.3.4.9
Hello, So I am running an obfscated bridge on Windows 10 via the tor expert bundle, which, even when I tried downloading it today, is running tor 0.3.4.8. I was unaware that tor 0.3.4.9 had been released due to this. Do to being away from where the relay is running, I will not be able to update it for about 4 days, but how could I update the tor expert bundle to tor 0,3,4,9? How could I update the tor expert bundle to the newest tor in general? Thank you. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Is the public information for relays trustable?
Hi, I just asked a superset of this question to the IRC channel - But I want to be able to better refer to the subset that wasn't answered there ;-) I am working together with some other people to increase the number of relays in Mexico. We have finally started to increase the number - from our usual two active relays to four, still WAY too low, but it's a beginning: https://metrics.torproject.org/rs.html#search/country:mx But there are some issues / questions bugging me: When we set out to pursue this, we faced the reality that most Mexican ISPs block Tor relays in some way or another: The main ISP in the country (Telmex / Infinitum / Uninet, depending on the business branch in question) blocks all communication to seven of the dirauths, thereby making it impossible to operate a relay (although bridges do work); many other ISPs employ a set of nested NAT systems, making it impossible for external computers to reach a server inside it... However, we have at least one relay claiming to be from Uninet (5F6E720D7F0A95D6276B6F6DF8C210735A331B9D - Not currently online, but made it to the consensus at least at several points over the past months). We also have some in an ISP that gives addresses behind multiple layers of NAT and are unworkable (FF3FF664B0811B2E3C237BECA4382966AD9E393C, 6E483A91105C647A65ED04E1CB637AAD84F5943F) So... Is this information right? Can this be in some way spoofed? How should I interpret this? Thanks, signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] notices.log: "[warn] Rejecting DNS request from disallowed IP"
Great - I think that's it! For whatever reason I had a "SocksPolicy reject *" in my torrc and I did not relate it to the DNSPort config. I removed it and everything seems to be working fine right away. Many thanks! ‐‐‐ Original Message ‐‐‐ On Friday, 23. November 2018 13:05, teor wrote: > > > > On 23 Nov 2018, at 21:20, petra...@protonmail.ch wrote: > > Hi, > > on a small server I did try to force local DNS requests to the local Tor > > via iptables/ferm (Nat, Output-Chain, protocol udp dport domain REDIRECT > > to-ports 5300). Torrc has the following included: 'DNSPort 127.0.0.1:5300'. > > Unfortunately, it doesn't work as expected, but I get a warning in Tor's > > notices.log stating "[warn] Rejecting DNS request from disallowed IP" for > > each DNS request and even after hours of searching around and trying > > different configs I could't find the root cause yet. > > This warning comes from the socks policy check: > https://github.com/torproject/tor/blob/a1b0283040723474377a5746dbd01782a9b7eaa7/src/feature/client/dnsserv.c#L84 > > > Question: what does "disallowed IP" really mean, i.e. what IPs are allowed > > by Tor and which ones are not? Any ideas and hints on how to investigate > > further are highly welcome! :-) > > You're right, the documentation and logging isn't great here. > > I opened a ticket to fix it: > https://trac.torproject.org/projects/tor/ticket/28597#comment:2 > > Have you set the SocksPolicy option? > > SocksPolicy policy,policy,… > Set an entrance policy for this server, to limit who can connect to the > SocksPort and DNSPort ports. The policies have the same form as exit policies > below, except that port specifiers are ignored. Any address not matched by > some entry in the policy is accepted. > > https://www.torproject.org/docs/tor-manual.html.en > > T ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] notices.log: "[warn] Rejecting DNS request from disallowed IP"
> On 23 Nov 2018, at 21:20, petra...@protonmail.ch wrote: > > Hi, > on a small server I did try to force local DNS requests to the local Tor via > iptables/ferm (Nat, Output-Chain, protocol udp dport domain REDIRECT to-ports > 5300). Torrc has the following included: 'DNSPort 127.0.0.1:5300'. > > Unfortunately, it doesn't work as expected, but I get a warning in Tor's > notices.log stating "[warn] Rejecting DNS request from disallowed IP" for > each DNS request and even after hours of searching around and trying > different configs I could't find the root cause yet. This warning comes from the socks policy check: https://github.com/torproject/tor/blob/a1b0283040723474377a5746dbd01782a9b7eaa7/src/feature/client/dnsserv.c#L84 > Question: what does "disallowed IP" really mean, i.e. what IPs are allowed by > Tor and which ones are not? Any ideas and hints on how to investigate further > are highly welcome! :-) You're right, the documentation and logging isn't great here. I opened a ticket to fix it: https://trac.torproject.org/projects/tor/ticket/28597#comment:2 Have you set the SocksPolicy option? SocksPolicy policy,policy,… Set an entrance policy for this server, to limit who can connect to the SocksPort and DNSPort ports. The policies have the same form as exit policies below, except that port specifiers are ignored. Any address not matched by some entry in the policy is accepted. https://www.torproject.org/docs/tor-manual.html.en T signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] notices.log: "[warn] Rejecting DNS request from disallowed IP"
Hi, on a small server I did try to force local DNS requests to the local Tor via iptables/ferm (Nat, Output-Chain, protocol udp dport domain REDIRECT to-ports 5300). Torrc has the following included: 'DNSPort 127.0.0.1:5300'. Unfortunately, it doesn't work as expected, but I get a warning in Tor's notices.log stating "[warn] Rejecting DNS request from disallowed IP" for each DNS request and even after hours of searching around and trying different configs I could't find the root cause yet. Question: what does "disallowed IP" really mean, i.e. what IPs are allowed by Tor and which ones are not? Any ideas and hints on how to investigate further are highly welcome! :-) to___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays