Hello Tor community,
I’m a new relay operator and my relay doesn’t seem to be reachable. The logs show it’s binding to ports correctly, but it’s stuck at
[WARN] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
and doesn’t progress. Here’s what I’ve done so far:
Technical setup: VPS provider’s server (recommended provider for operating Tor relays or exit nodes) → My Proxmox VE installation → Debian LXC Linux container → Tor
Port settings: Proxmox has one public IPv4 address, and my LXC containers are behind NAT. I’ve set up port forwarding on Proxmox from the public IP to my LXC local IP on TCP 9001 and TCP 9031. The ports are reachable from the internet; I’ve tested with multiple tools. They are open, and Tor responds.
telnet "my public ip" 9001
immediately comes up with a blank window and port scanners show the ports are open and reachable.
Please help me debug the problem. What’s wrong with my setup?
torrc
# Proxy should be available on local network for linux containers
SocksPort 0.0.0.0:9050
DnsPort 0.0.0.0:9053
TransPort 0.0.0.0:9000
ControlPort 127.0.0.1:9051
# Logging rules
SafeLogging 1
Log notice file /var/log/tor/notices.log
Log info file /var/log/tor/info.log
# Relay settings
IPv6Exit 0
ClientUseIPv6 0
Address "my public ip"
AddressDisableIPv6 1
ORPort 9001 IPv4Only
DirPort 9031
Nickname secret
ContactInfo secret
BridgeRelay 0
ExitRelay 0
ExitPolicy reject *:*
RelayBandwidthRate 20 MB
RelayBandwidthBurst 25 MB
notices.log
Apr 29 10:30:47.000 [notice] Tor 0.4.8.16 opening log file.
Apr 29 10:30:47.174 [notice] We compiled with OpenSSL 300000f0: OpenSSL 3.0.15 3 Sep 2024 and we are running with OpenSSL 300000f0: 3.0.15. These two versions should be binary compatible.
Apr 29 10:30:47.176 [notice] Tor 0.4.8.16 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.15, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.
Apr 29 10:30:47.176 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Apr 29 10:30:47.176 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Apr 29 10:30:47.176 [notice] Read configuration file "/etc/tor/torrc".
Apr 29 10:30:47.176 [warn] You specified a public address '0.0.0.0:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Apr 29 10:30:47.176 [warn] You specified a public address '0.0.0.0:9000' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Apr 29 10:30:47.177 [notice] Based on detected system memory, MaxMemInQueues is set to 384 MB. You can override this by setting MaxMemInQueues by hand.
Apr 29 10:30:47.179 [warn] You specified a public address '0.0.0.0:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Apr 29 10:30:47.179 [warn] You specified a public address '0.0.0.0:9053' for DNSPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Apr 29 10:30:47.179 [warn] You specified a public address '0.0.0.0:9000' for TransPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
Apr 29 10:30:47.179 [notice] Opening Socks listener on 0.0.0.0:9050
Apr 29 10:30:47.179 [notice] Opened Socks listener connection (ready) on 0.0.0.0:9050
Apr 29 10:30:47.179 [notice] Opening DNS listener on 0.0.0.0:9053
Apr 29 10:30:47.179 [notice] Opened DNS listener connection (ready) on 0.0.0.0:9053
Apr 29 10:30:47.179 [notice] Opening Transparent pf/netfilter listener on 0.0.0.0:9000
Apr 29 10:30:47.179 [notice] Opened Transparent pf/netfilter listener connection (ready) on 0.0.0.0:9000
Apr 29 10:30:47.179 [notice] Opening Control listener on 127.0.0.1:9051
Apr 29 10:30:47.179 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
Apr 29 10:30:47.179 [notice] Opening OR listener on 0.0.0.0:9001
Apr 29 10:30:47.179 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
Apr 29 10:30:47.179 [notice] Opening Directory listener on 0.0.0.0:9031
Apr 29 10:30:47.179 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9031
Apr 29 10:30:47.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
Apr 29 10:30:47.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Apr 29 10:30:47.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Apr 29 10:30:47.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Apr 29 10:30:47.000 [notice] Your Tor server's identity key fingerprint is 'secret secret'
Apr 29 10:30:47.000 [notice] Your Tor server's identity key ed25519 fingerprint is 'secret secret'
Apr 29 10:30:47.000 [notice] Bootstrapped 0% (starting): Starting
Apr 29 10:30:48.000 [notice] Starting with guard context "default"
Apr 29 10:30:52.000 [notice] Signaled readiness to systemd
Apr 29 10:30:53.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Apr 29 10:30:53.000 [notice] Opening Control listener on /run/tor/control
Apr 29 10:30:53.000 [notice] Opened Control listener connection (ready) on /run/tor/control
Apr 29 10:30:53.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Apr 29 10:30:53.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Apr 29 10:30:53.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Apr 29 10:30:53.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Apr 29 10:30:53.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Apr 29 10:30:53.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Apr 29 10:30:53.000 [notice] Bootstrapped 100% (done): Done
Apr 29 10:30:53.000 [notice] Now checking whether IPv4 ORPort "my public ip":9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Apr 29 10:33:25.000 [notice] New control connection opened.
Apr 29 10:50:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 29 11:00:34.000 [notice] New control connection opened.
Apr 29 11:10:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 29 11:30:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 29 11:50:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 29 11:59:28.000 [notice] New control connection opened.
Apr 29 12:08:05.000 [notice] New control connection opened.
Apr 29 12:10:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at "my public ip":9001. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
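A triage of the log above, as an added example that is not part of the original post: it pulls out the two things an operator needs from a notices.log like this one, namely which client listeners Tor flagged as publicly bound and whether the ORPort self-test of the latest run ever succeeded. The sample lines are constructed from the post (203.0.113.10 stands in for the redacted address), the function names are hypothetical, and the wording of the success message is an assumption.

```python
import re

# Constructed sample modelled on the notices.log above; 203.0.113.10 is a
# documentation address standing in for the redacted public IP.
SAMPLE_LOG = """\
Apr 29 10:30:47.176 [warn] You specified a public address '0.0.0.0:9053' for DNSPort.
Apr 29 10:30:47.176 [warn] You specified a public address '0.0.0.0:9000' for TransPort.
Apr 29 10:30:47.179 [warn] You specified a public address '0.0.0.0:9050' for SocksPort.
Apr 29 10:30:47.179 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
Apr 29 10:30:53.000 [notice] Bootstrapped 100% (done): Done
Apr 29 10:30:53.000 [notice] Now checking whether IPv4 ORPort 203.0.113.10:9001 is reachable... (this may take up to 20 minutes)
Apr 29 10:50:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at 203.0.113.10:9001.
Apr 29 11:10:53.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at 203.0.113.10:9001.
"""

PUBLIC_BIND = re.compile(r"\[warn\] You specified a public address '([^']+)' for (\w+)")
CHECK_START = re.compile(r"^(\w+ +\d+ [\d:.]+) \[notice\] Now checking whether IPv4 ORPort (\S+) is reachable")
UNREACHABLE = re.compile(r"\[warn\] Your server has not managed to confirm reachability")
# Assumption: a successful self-test is logged with this wording.
CONFIRMED = re.compile(r"Self-testing indicates your ORPort")


def triage(log_text):
    """Summarise listener warnings and the ORPort self-test state of the latest run."""
    report = {"public_client_ports": {}, "orport": None, "check_started": None,
              "unreachable_warnings": 0, "confirmed": False}
    for line in log_text.splitlines():
        if m := PUBLIC_BIND.search(line):
            report["public_client_ports"][m.group(2)] = m.group(1)
        elif m := CHECK_START.search(line):
            # A new self-test means Tor (re)started: reset the counters.
            report.update(check_started=m.group(1), orport=m.group(2),
                          unreachable_warnings=0, confirmed=False)
        elif UNREACHABLE.search(line):
            report["unreachable_warnings"] += 1
        elif CONFIRMED.search(line):
            report["confirmed"] = True
    return report


def findings(report):
    """Turn the report into operator-facing findings."""
    out = [f"{opt} listens on {addr}: confirm only the container network can reach it"
           for opt, addr in sorted(report["public_client_ports"].items())]
    if report["check_started"] and not report["confirmed"]:
        out.append(f"ORPort {report['orport']} unconfirmed since {report['check_started']} "
                   f"({report['unreachable_warnings']} warnings)")
    return out


if __name__ == "__main__":
    print("\n".join(findings(triage(SAMPLE_LOG))))
```

To run it against a real log, pass the file contents to `triage()` instead of `SAMPLE_LOG`.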