Enable SSH access from the Internet, Permanently until disabled again - Does not persist after reboot && Problems to remotely connect to Tor's Control Port #46
Comments
Until this issue can be fixed, is there a way I can perform this action manually so that it persists after reboot? I can't figure out where the access is being restricted. |
Hello bhafer To fix the bug on your system, do the following steps:
|
Thank you. That worked! On a port-related note... And I apologize because I do not know where to open a support/forum thread... I am not able to connect to 9051 with telnet from the nat/lan side, and I do not know what the password is, although I see a hashed value in torrc. Thank you, and if this is the wrong place to ask, I would appreciate being scolded towards the right direction. :-) |
For what reason do you need port 9150? SOCKS v5 on TorBox is at port 9050 and at 9051 with destination address stream isolation (new at 9052, see under "Known problems and bugs" in the Blog article "TorBox v.0.4.0 released — welcome TorBox Wireless Manager!"). There is no password needed for these two SOCKS v5 ports. The hashed value in torrc is for the control port at 9051. Usually, it is unnecessary to change that password, but you have this possibility with entry 3 in the configuration sub-menu. See also this FAQ entry to learn more about using TorBox’s SOCKS v5 proxy functionality. |
You are correct I mistyped the number! (Corrected) I am referring to this part of the torrc file:
From Windows cmd (on the LAN side), I get this:
(Note that port 22 is successfully reachable.) Thank you |
Could you please copy and paste all the |
Certainly. Thank you.
|
Ok... the problem is that, so far, the idea was that the control port is only used locally on the TorBox itself (for example, for statistics). If you want to use it from the LAN side, then let's try the following command:
If you want to have it permanent (after rebooting the TorBox, but not after changing the configuration in the main menu), additionally, execute the following command: If you didn't change the hashed password, then it is still With the next version, I will probably add the possibility to access Tor's control port from the client-side. |
I ran: But I still cannot connect from the lan:
Iptables contains: (eth0 is the wan and wlan0 is the lan)
|
Try |
Sorry I can't be more helpful, but that still isn't working.
|
Did you try You could also try Unfortunately, I cannot test these possibilities by myself because I'm currently on the move. |
Thank you for all the help. I did in fact try these 2 together:
Something else must be going on. I still get this from the lan:
It also fails from the wan. But it works with Here is the full iptables output in case it is helpful. I did not modify anything else except SSH access from Internet.
|
Don't try PREROUTING and INPUT together. If PREROUTING alone doesn't work, try INPUT without the PREROUTING. |
Even with the following rule alone and no nat rule, I could not telnet from the lan or wan. |
Hmm... I don't have any other idea right now, but will look into it in more detail in the next days. |
I think I found the problem... This rule is blocking connections:
I deleted that rule and could connect. But I assume that is not the proper way to solve the problem. ;-) Thanks for all your help! |
My note to that rule is "Access on the box's own IP should be granted", and so far, that rule took care that clients could connect to TorBox (SSH, for example). However, here too, that should probably be an INPUT rather than a PREROUTING rule. I will check that out in the following days. |
I did a test. I deleted that rule and could not establish a new SSH connection even from the lan side. But existing connections continued working. |
Ok, we have to solve the problem from a different angle. Then authenticate in telnet with your password. For example (see also "TC: A Tor control protocol (Version 1)"): That should give you a |
Great. I was thinking along those lines as well, but telnet was not installed on TorBox. Then, I got this: (No, I never changed the control port password in TorBox)
But then I did change it (to "CHANGE-IT"), and got this:
EDIT: Note, this was with the out-of-the-box iptables. |
OK. I've solved it! As we suspected, something else was going...
My torrc now contains:
No iptables changes were ultimately needed. Now I can connect from the lan using: |
UPDATE: Oh, I just saw that you solved it already. 👍😀 I'm starting to get the feeling we're spiritual brothers. 😀 Today, I took my TorBox, a lot of time, and checked systematically all involved configurations.
Conclusion I will also fix this issue with some other stuff in the following days and push it to the GitHub repository so that it can be easily updated with entry 5 in the update and reset sub-menu. |
Haha Jinx! Not sure why I had to change password to connect with CHANGE-IT. Maybe I made an error along the way. Love this tool so much! It's amazing. Thank you. |
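Added example, not part of the thread and not TorBox code: before the control port is made reachable from the LAN, this checks whether the `HashedControlPassword` in a torrc still corresponds to a password you already know, using the RFC 2440 salted S2K format that `tor --hash-password` writes. The function names, the fixed salt and the sample torrc are constructed for illustration; "CHANGE-IT" is the password mentioned in the thread.

```python
import hashlib
import hmac

EXPBIAS = 6  # exponent bias of the RFC 2440 iterated-and-salted S2K


def s2k_count(c: int) -> int:
    """Decode the one-byte count indicator into a byte count."""
    return (16 + (c & 15)) << ((c >> 4) + EXPBIAS)


def s2k_sha1(password: str, specifier: bytes) -> bytes:
    """SHA-1 over salt+password, repeated until `count` bytes are hashed."""
    block = specifier[:8] + password.encode()
    count = s2k_count(specifier[8])
    digest = hashlib.sha1()
    while count > 0:
        chunk = block[:count]
        digest.update(chunk)
        count -= len(chunk)
    return digest.digest()


def hash_control_password(password: str, salt: bytes, c: int = 0x60) -> str:
    """Build a '16:<hex>' value: 8-byte salt, count byte, 20-byte digest."""
    spec = salt + bytes([c])
    return "16:" + (spec + s2k_sha1(password, spec)).hex().upper()


def matches(hashed: str, candidate: str) -> bool:
    """True if `candidate` is the password behind a '16:' hash."""
    try:
        raw = bytes.fromhex(hashed[3:])
    except ValueError:
        return False
    if not hashed.startswith("16:") or len(raw) != 29:
        return False
    return hmac.compare_digest(s2k_sha1(candidate, raw[:9]), raw[9:])


def audit(torrc_text: str, known_passwords: list) -> list:
    """Return the known passwords that the torrc's control port accepts."""
    hashes = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) == 2 and parts[0].lower() == "hashedcontrolpassword":
            hashes.append(parts[1])
    return [p for p in known_passwords if any(matches(h, p) for h in hashes)]


# Constructed sample torrc: fixed salt, password taken from the thread.
SAMPLE_HASH = hash_control_password("CHANGE-IT", bytes(range(8)))
SAMPLE_TORRC = "ControlPort 9051\nHashedControlPassword " + SAMPLE_HASH + "\n"
```

A non-empty result from `audit()` means the control port is protected only by a password that is already known, which matters once the port is no longer bound to the box itself.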
|
Steps to Reproduce:
Expected Results: SSH is still enabled from the Internet
Actual Results: SSH is disabled after reboot