Iptables and PortForwarding on your Tor(ified) RaspberryPi

If you run the relay without checking the open ports, there is a huge chance that Tor won't start properly. After getting the error, it's time to change some iptables rules and restart Tor.


IDENTIFY THE IP

[root@localhost tor-0.4.0.5]# ifconfig eth0
eth0: flags=4163 mtu 1500
        inet 192.168.0.6 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::363e:91f8:2a15:466d prefixlen 64 scopeid 0x20
        ether b8:27:eb:90:a2:b8 txqueuelen 1000 (Ethernet)
        RX packets 352 bytes 30890 (30.1 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 229 bytes 30860 (30.1 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost tor-0.4.0.5]# ifconfig eth0 | grep -w inet | awk '{print $2}'
192.168.0.8


[jolek78@jolek78-rpi3 ~]$
Jul 15 19:42:47.372 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips, Zlib 1.2.7
[....]
Jul 15 19:44:48.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jul 15 19:44:53.000 [notice] Bootstrapped 100% (done): Done
Jul 15 19:44:53.000 [notice] Now checking whether ORPort [....] 82.xxx.xxx.xxx:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[....]
Jul 15 20:04:48.000 [warn] Your server (82.xxx.xxx.xxx:9001) has not managed to confirm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. <<<<<<<<<


FORWARD ON YOUR ROUTER THE FOLLOWING PORTS

9050, 9051, 9001


VERIFY THE STATUS OF YOUR FIREWALL

[root@localhost tor-0.4.0.5]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 6 Jul 17:50:50 BST 2019;
     Docs: man:firewalld(1)
 Main PID: 1119 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1119 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid


OPEN PORTS

[jolek78@jolek78-rpi3 ~]$ cat /etc/services | grep -wE "9050|9051"
versiera 9050/tcp # Versiera Agent Listener
fio-cmgmt 9051/tcp # Fusion-io Central Manager Service
[jolek78@jolek78-rpi3 ~]$ cat /etc/services | grep -wE "9000"
cslistener 9000/tcp # CSlistener
cslistener 9000/udp # CSlistener

[jolek78@jolek78-rpi3 ~]$ sudo firewall-cmd --add-port=9050/tcp --permanent
[jolek78@jolek78-rpi3 ~]$ sudo firewall-cmd --add-port=9051/tcp --permanent
[jolek78@jolek78-rpi3 ~]$ sudo firewall-cmd --add-port=9001/tcp --permanent
[jolek78@jolek78-rpi3 ~]$ sudo firewall-cmd --add-port=9001/udp --permanent

[jolek78@jolek78-rpi3 ~]$ sudo firewall-cmd --reload


RESTART TOR

[jolek78@jolek78-rpi3 ~]$ ps -ef | grep -w tor
jolek78 11485 24166 26 19:42 pts/3 00:07:53 tor
jolek78 13577 24166 0 20:13 pts/3 00:00:00 grep --color=auto -w tor

[jolek78@jolek78-rpi3 ~]$ kill -9 11485

[jolek78@jolek78-rpi3 ~]$ tor &
[1] Done tor
[....]
Jul 15 20:41:49.739 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2k-fips, Zlib 1.2.7,
[....] 82.xxx.xxx.xxx:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[....]
Jul 15 20:44:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. <<<<<<<<<<<<<<<<<<<<<<<<
Jul 15 20:44:12.000 [notice] Performing bandwidth self-test...done.
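
A check to run once Tor is back up, as an added example that is not part of the original post: it reads ss -tln output and reports, for the three ports opened above, whether each listener is bound to loopback only or to an address other hosts can reach. It assumes 9001 is the ORPort (as in the log) and that 9050 and 9051 are Tor's usual SocksPort and ControlPort numbers; the function names and the sample ss lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: 9001 is the relay's
# ORPort, 9050/9051 are Tor's usual SocksPort/ControlPort numbers.

# audit_tor_listeners: read `ss -tln` output on stdin and print one line per
# listener on 9001, 9050 or 9051 in the form "<port> <verdict> <bind address>".
audit_tor_listeners() {
  awk '
    $1 != "LISTEN" { next }                  # also skips the header line
    {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      gsub(/\[|\]/, "", addr)                # [::1] -> ::1
      sub(/%.*/, "", addr)                   # drop a %interface suffix
      loopback = (addr ~ /^127\./ || addr == "::1")
      if (port == "9001")
        print port, (loopback ? "ORPORT-LOOPBACK-ONLY" : "ORPORT-OK"), addr
      else if (port == "9050" || port == "9051")
        print port, (loopback ? "LOCAL-ONLY" : "EXPOSED"), addr
    }'
}

# Constructed sample of `ss -tln` output (not captured from the author's Pi).
sample_ss_output() {
  cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:9001         0.0.0.0:*
LISTEN  0       128     127.0.0.1:9050       0.0.0.0:*
LISTEN  0       128     192.168.0.6:9051     0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     [::1]:9050           [::]:*
EOF
}

# On the relay itself:  ss -tln | audit_tor_listeners
sample_ss_output | audit_tor_listeners
```

An EXPOSED verdict on 9050 or 9051 means the firewall and router rules above now make that listener reachable from other hosts; LOCAL-ONLY means the opened port has nothing answering on it from outside.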


Music: Close To You (feat. Velvet) Artist: Raab Christian || Album Single

— Jolek78