ORport not reachable even though the system states that it is open

Achilles10101 · May 22, 2024, 8:15am

Hello. I am trying to run a relay but am running into an error in my logs which states:
Your server has not managed to confirm reachability for its ORPort(s) at 73.254.22.49:443 and [2601:601:827f:b0c7:3bee:3d42:6b35:232]:443. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
I have checked and confirmed that port 443 is open for me.
I have also found this a bit earlier in the logs:
Unable to find IPv4 address for ORPort 443. You might want to specify IPv6Only to it or set an explicit address or set Address.
Can somebody please assist me?

atari · May 22, 2024, 11:09am

Are you on a residential connection? If so, did you forward the 443 port on your router to your machine?

cozybeardev · May 22, 2024, 11:09am

Can confirm that the ipv4 443 isnt working for me either. Not sure how you’re testing? This is almost always a misconfiguration.

Felix · May 22, 2024, 11:10am

Can you please post the torrc file, the uncommented lines would be good.

So far:

ORPort 73.254.22.49:443
ORPort [2601:601:827f:b0c7:3bee:3d42:6b35:232]:443
DirPort 0

Should be it. I assume you are not forwarding or redirecting the traffic from external.

Achilles10101 · May 22, 2024, 3:26pm

Yes. I forwarded the 443 port to my machine.

Achilles10101 · May 22, 2024, 3:26pm

I have set up port forwarding to my machine from my router. This is my torrc:
RunAsDaemon 1
DirPort 9030 # what port to advertise for directory connections
#PublishServerDescriptor 0
Nickname Pandora # Change “myNiceRelay” to something you like
ContactInfo RETRACTED # Write your e-mail and be aware it will be published
ORPort 443 # You might use a different port, should you want to
ExitRelay 0
SocksPort 0

sunshinecowboy · May 22, 2024, 3:26pm

Non-root users are unable to bind to ports lower than 1024, in order to enable this you need to run the following command:

sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/tor

atari · May 22, 2024, 5:29pm

Ok, you seem to be on Comcast. They claim to do no Carrier-grade NAT. I’m not familiar with their products nor their routers.

Did you try to install a web-server listening on e.g. 80, setup a port-forwarding like for 443 and it was reachable from a mobile-phone not connected to the WiFi (using a mobile network)? Just to make sure the port-forwarding was configured correctly.

Achilles10101 · May 23, 2024, 8:55am

Will do that as soon as I can. Now apparently my logs state that:
Auto-discovered IPv6 address [2601:601:827f:b0c7:4f0c:6382:9404:670b]:443 has not been found reachable. However, IPv4 address is reachable. Publishing server descriptor without IPv6 adress.
So I think it is something with the port forwarding not being setup right.

atari · May 23, 2024, 10:11am

Yes, that sounds good. If you want the error to go away until you fixed it:

sunshinecowboy · May 24, 2024, 11:27am

It has nothing to do with port forwarding if IPV4 is reachable and IPV6 is not. This indicates your IPV6 isn’t correctly set up.

Achilles10101 · May 24, 2024, 5:53pm

Aight then, I will look into that.