Reconfig ORPort 9001 to 443


last year
I have been running a tor relay configured to use ORPort 9001 for a a while now. I have read that it would be better to use port 443. I reconfigured torrc to use orport 443 and iptables to allow 443 in. The computer is a Raspberry Pi running linux and is the only computer on this IP address (there is no router).
After reloading the config file the tor relay failed with the following log message:

Nov 04 08:36:47.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Nov 04 08:36:47.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Nov 04 08:36:47.000 [notice] Read configuration file "/etc/tor/torrc".
Nov 04 08:36:47.000 [notice] Opening OR listener on 0.0.0.0:443
Nov 04 08:36:47.000 [warn] Could not bind to 0.0.0.0:443: Permission denied
Nov 04 08:36:47.000 [notice] Closing no-longer-configured OR listener on 0.0.0.0:9001
Nov 04 08:36:47.000 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Nov 04 08:36:47.000 [err] Reading config failed--see warnings above. For usage, try -h.
Nov 04 08:36:47.000 [warn] Restart failed (config error?). Exiting.


I have reconfigured back to 9001 and it is working again, but but am wondering what went wrong and if I should just leave it at 9001.

Noticing the 0.0.0.0:443 in the above log, I have never specified an IP address and it has worked fine for more than a year. Perhaps I need to specify if using 443?

I am hoping that the relay will be running for a long time and therefore could become a guard relay, and I thought 443 would be better for that.

Thanks for any guidance.
Rees

last year
I shut down the relay and restarted it using the orport 443 modification and it is now working fine. I guess not surprisingly, the relay must be stopped and restarted for something like a port change.

Of note was that for the first hour so there was lots of traffic attempting to come in on 9001 - several thousand syn packets - perhaps until the other relays got the new information.

Anyway, it is now working fine.

Reply

You are not logged in. Login or register to reply on this thread.