Hi,

I’ve just installed tor ( 0.4.5.16 )

When I launch it ( debian fork ) I’m stuck at

Opened Socks listener connection (ready) on 127.0.0.1:9050

I have a strong set of nftables maybe that what block it ?

What should open in order to have tor connect ?

Thanks.

  • Gordon_F@lemmy.mlOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 month ago

    Thank you very much @qprimed@lemmy.ml ! indeed I saw in my nftables log tentative to 443 and 9001. ( I didn’t find this in the tor doc … )

    9050 is your socks proxy - so protect it. if your nftables is blocking localhost:9050/TCP then you need to correct that.

    is this will do : ip saddr 127.0.0.1 ip daddr 127.0.0.1 accept ?

    • qprimed@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 month ago

      that will work. always test your FW rules after a change. never just trust it.

      netcat is your friend for a quick test to port 9050/TCP from a different PC if you are listening on more than just the loopback. careful with the loopback source addy AFAIK there is no guarantee that local host traffic to 127.0.0.1 will be sourced from 127.0.0.1 - I may be wrong here, but be safe.

      regardless, depending on your rules, you will either get a timeout, instant connection reset or connect. obviously connect is bad if you think the traffic should be blocked, refusal is ok as long as the daemon is actually running (FW on a non-listening port can generate a TCP RST so its somewhat ambiguous), timeout is best as you know as long as the host is up, the FW is likely dropping traffic.

      a more comprehensive test against any local host would be done with nmap.

      sounds like you are poking things with a stick - thats awesome! happy to help :-)

      edit: clarify loopback.