Re: Setting up a private tor network

2007-10-24 Thread Karsten Loesing

Hi Csaba,

 I have seen similar error and warning messages to what you have 
 mentioned, both with 0.1.2.17 and with 0.2.0.8-alpha.

Quoting from your private mail (with your permission):
 I've seen in your doc that you are killing and restarting Tor
 instances in order to have the thing running. I have also seen a note
 on that, but till now I was trying to avoid that, I was hoping that
 there is a combination of configurations with which things start up
 smoothly. Before I go into the restart game, I would like to be sure
 if my torrc files are good or not.

In PuppeTor I did not get 0.2.0.8-alpha to work in a private network
setting, but only versions up to 0.2.0.7-alpha. Further, the current
trunk (or what will become 0.2.0.9-alpha these days) introduces the new
v3 directories that make things a little bit more complicated:

The solution for building a private network with all versions up to
0.2.0.7-alpha is to periodically send HUP signals to the nodes until
they start building circuits. In principle you don't have to, but it
accelerates things a lot; as an example, I tried to create a private
network with 2 directories and 4 routers _without_ sending HUP commands:
3 out of 10 attempts built circuits after 15 minutes and a few seconds,
and the other 7 attempts took 60 minutes and a few seconds for it. The
multiples of 15 minutes should come from the interval in which directory
mirrors fetch networkstatuses from the directory authorities. When
sending HUP signals, the whole process takes about half a minute. The
reason is that directory mirrors refetch the networkstatus immediately
when reloading their configuration. As a side note: proxies behave
differently for this. If you want to read more, have a look at the
Javadocs of PuppeTor's ProxyNode class:
https://tor-svn.freehaven.net/svn/puppetor/trunk/src/de/uniba/wiai/lspi/puppetor/ProxyNode.java

In 0.2.0.8-alpha-dev (and newer versions) you need to configure v3
directory authorities to get things working. There is a description of how
to do this here:
https://tor-svn.freehaven.net/svn/tor/trunk/doc/v3-authority-howto.txt .
In order to speed up the process you can configure Tor to build
consensuses in shorter intervals. The following configuration worked for
me: V3AuthVotingInterval 10 minutes, V3AuthVoteDelay 1 minute,
V3AuthDistDelay 1 minute. Unfortunately, the process still takes about
half an hour, so this is only a first solution to get it working. If you
find a better solution, please let us know!

 After seeing PuppeTor I've realized that mine is quite similar to it
 in its goals, [...]

First of all, it's good to have multiple approaches to this problem. We
could both learn from the other approach and improve our tools.

My decision to not use a virtual machine for each node was that I did
not see why it should be necessary. In PuppeTor every Tor node has its
own working directory and set of ports and should not interfere with the
other local Tor processes. The only output that I care about is what Tor
writes to its log files. My primary motivation for writing PuppeTor was
to test my developments on Tor hidden services which are rather
high-level in Tor.

However, when it comes to lower levels, like sniffing or altering
packets, my approach might be too limited. I'm not sure about that,
because I rarely used that. Thus, there is room for other approaches! :)

--Karsten
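
The HUP loop described in the message above, as an added example that is not part of the original mail or of PuppeTor. The per-node layout (one directory per node holding `tor.pid` and `notice.log`) and the function names are assumptions; the readiness string is the notice shown in the Tor log quoted elsewhere on this page.

```shell
#!/bin/sh
# Added example: send SIGHUP to the nodes of a local private Tor network
# until every node has logged its first circuit.
# Assumed (hypothetical) layout: $NET_DIR/<node>/tor.pid and
# $NET_DIR/<node>/notice.log, i.e. one working directory per node.
# Node directory names must not contain whitespace.

# Notice Tor writes once it has built a circuit.
READY_MSG='Tor has successfully opened a circuit'

# Print the name of every node whose log lacks READY_MSG (or has no log yet).
pending_nodes() {
    net_dir=$1
    for node in "$net_dir"/*/; do
        [ -d "$node" ] || continue
        if ! grep -q "$READY_MSG" "$node/notice.log" 2>/dev/null; then
            basename "$node"
        fi
    done
}

# HUP every pending node; print how many signals were delivered.
# A reload makes directory mirrors refetch the networkstatus at once.
hup_pending() {
    net_dir=$1
    sent=0
    for name in $(pending_nodes "$net_dir"); do
        pid=$(cat "$net_dir/$name/tor.pid" 2>/dev/null) || continue
        case $pid in ''|*[!0-9]*) continue ;; esac   # skip junk pid files
        if kill -HUP "$pid" 2>/dev/null; then
            sent=$((sent + 1))
        fi
    done
    echo "$sent"
}

# Repeat until all nodes are ready or max_rounds is used up.
# Exit status 0 means every node has built a circuit.
wait_for_circuits() {
    net_dir=$1; interval=${2:-10}; max_rounds=${3:-30}
    round=0
    while [ "$round" -lt "$max_rounds" ]; do
        [ -z "$(pending_nodes "$net_dir")" ] && return 0
        hup_pending "$net_dir" >/dev/null
        sleep "$interval"
        round=$((round + 1))
    done
    [ -z "$(pending_nodes "$net_dir")" ]
}
```

Call it as `wait_for_circuits ./private-net 10 30` after starting the nodes; a non-zero status means some node still has no circuit after the last round.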


Re: Having trouble setting up TOR server behind firewall...

2007-10-24 Thread Ringo Kamens
It sounds like you haven't enabled port forwarding on your firewall.
Even if the ports are unblocked, the traffic might not go to the
server. You need to forward all traffic coming to the firewall on
ports 9001 and 9030 to your tor server.
Comrade Ringo Kamens

On 10/23/07, algenon flower [EMAIL PROTECTED] wrote:
 Hello experienced TOR ppl,
   I am trying to set up a TOR server on Linux Redhat Enterprise v5,, I am
 using a Linksys hardware firewall that does have NAT and have modified the
 system to open ports 9001-9031. I have just installed TOR and Vidalia for
 Redhat on my system,and, using Vidalia configured TOR to act as a server. My
 problem is: (TOR log below)

 
 Oct 22 20:45:19.089 [Notice] Tor v0.2.0.7-alpha (r11572). This is
 experimental software. Do not rely on it for strong anonymity. (Running on
 Linux i686)
 Oct 22 20:45:29.624 [Notice] Tor has successfully opened a circuit. Looks
 like client functionality is working.
 Oct 22 20:45:29.769 [Notice] Now checking whether ORPort 24.22.67.176:9001
 and DirPort 24.22.67.176:9030 are reachable... (this may take up to 20
 minutes -- look for log messages indicating success)
 Oct 22 20:46:37.127 [Warning] eventdns: All nameservers have failed
 Oct 22 20:46:37.299 [Notice] eventdns: Nameserver 68.87.69.146 is back up
 Oct 22 20:47:29.326 [Notice] Freeing linked Socks connection [waiting for
 circuit] with 65 bytes on inbuf, 0 on outbuf.
 Oct 22 20:54:35.222 [Notice] Freeing linked Socks connection [waiting for
 circuit] with 65 bytes on inbuf, 0 on outbuf.
 Oct 22 21:00:39.050 [Notice] Freeing linked Socks connection [waiting for
 circuit] with 65 bytes on inbuf, 0 on outbuf.
 Oct 22 21:05:25.858 [Warning] Your server (24.22.67.176:9001) has not
 managed to confirm that its ORPort is reachable. Please check your
 firewalls, ports, address, /etc/hosts file, etc.
 Oct 22 21:05:25.876 [Warning] Your server (24.22.67.176:9030) has not
 managed to confirm that its DirPort is reachable. Please check your
 firewalls, ports, address, /etc/hosts file, etc.
 ***

  To simplify things, I have disabled Redhat's software firewall, to make
 sure it is not causing the problem. I am a little unsure I have configured
 my firewall to accept traffic on ports 9001 and 9030,, I can supply info
 from the firewall to whomever is interested in helping.
   Does anyone have any good ideas about how I can get my TOR server up 
 what the problem is?? Love to hear,,,

 Algenon








Hello Ringo Kamens,,, Having trouble setting up TOR server behind firewall...

2007-10-24 Thread algenon flower
Hello Ringo Kamens
  Nice to hear from you, and thank you for your response. I am running RHEL v5, 
and a Linksys hardware firewall. I do not know yet how to configure port 
forwarding, am going to check with firewall settings to see if port forwarding 
is available there and confirm that I have entered the right IP of my RHEL 
system behind the firewall. I will reply with updated news, thanks for reply, 
hope ppl stay interested.,,:),,
  Algenon

Ringo Kamens [EMAIL PROTECTED] wrote: It sounds like you haven't enabled port 
forwarding on your firewall.
Even if the ports are unblocked, the traffic might not go to the
server. You need to forward all traffic coming to the firewall on
ports 9001 and 9030 to your tor server.
Comrade Ringo Kamens


Compile Error with svn rev. 12170

2007-10-24 Thread Li-Hui Zhou

compat.c: In function `tor_mmap_file':
compat.c:254: error: `e' undeclared (first use in this function)
compat.c:254: error: (Each undeclared identifier is reported only once
compat.c:254: error: for each function it appears in.)
make[3]: *** [compat.o] Error 1


-- 
Li-Hui Zhou [EMAIL PROTECTED]




Re: Compile Error with svn rev. 12170

2007-10-24 Thread Nick Mathewson
On Thu, Oct 25, 2007 at 10:50:59AM +0800, Li-Hui Zhou wrote:
 
 compat.c: In function `tor_mmap_file':
 compat.c:254: error: `e' undeclared (first use in this function)
 compat.c:254: error: (Each undeclared identifier is reported only once
 compat.c:254: error: for each function it appears in.)
 make[3]: *** [compat.o] Error 1
 

Thanks!  I think I just fixed this; let me know if it's still broken?

yrs,
-- 
Nick Mathewson




Re: Compile Error with svn rev. 12170

2007-10-24 Thread Li-Hui Zhou

On Wed, 24 Oct 2007 22:53:58 -0400
Nick Mathewson [EMAIL PROTECTED] wrote:

 On Thu, Oct 25, 2007 at 10:50:59AM +0800, Li-Hui Zhou wrote:
  
  compat.c: In function `tor_mmap_file':
  compat.c:254: error: `e' undeclared (first use in this function)
  compat.c:254: error: (Each undeclared identifier is reported only once
  compat.c:254: error: for each function it appears in.)
  make[3]: *** [compat.o] Error 1
  
 
 Thanks!  I think I just fixed this; let me know if it's still broken?

You're right, the latest svn has no problem now. :)

-- 
Li-Hui Zhou [EMAIL PROTECTED]