Okay, you planted some doubt. This is a quote of what my peer wrote me about the 
issue. I hope it is ok to quote; it contains no personal or sensitive info, 
emphasis added:

> Comcast/Xfinity! has a bumpy past with tor. They periodically block it, get 
> yelled at by their subscribers and the media, then unblock it. At this 
> moment, outgoing tor is working. That is I am able to put the Brave browser 
> in tor mode. But, because of the intermittent interruptions, I've given up on 
> using tor when running behind my ISP.

Outgoing tor is working - so he has to be able to connect to some relay, not 
necessarily all of them. Or he configured a tor bridge because of past problems 
and forgot about it?

> Are you sure that port forwarding To your relay is reliably working and that 
> some "security feature" in your Comcast modem/router isn't causing the 
> problem? I haven't researched any reports of Comcast blocking so I can't 
> speak to any other anecdotal reports of said blocking. I sure hope it isn't 
> the case. If it is, I'll certainly drop them in a flash too.

Well, I am not in the US, no Comcast here :), and running OpenWrt on my router. 
My peer is a Comcast customer. I was connected to > 100 lightning nodes while not 
able to connect to my Comcast peer. I did not check specifically, my lightning 
node should be reachable by IPv4, IPv6 and tor/onion, so in theory there could 
have been no inbound IPv4 connection while having > 100 connections. But not 
likely. I think I either checked my fail2ban-client banned, or turned off 
fail2ban.

Still, there could be some DDoS protection on my Comcast peer's end. To 
corroborate: lightning nodes need to be connected, they try to reconnect 
frequently to all their "neighbours". I myself see that when I take my 
lightning daemon offline for just 10 minutes, many IP addresses end up in my 
fail2ban list. So my Comcast peer could have just taken his node offline, his 
router would see too many connection attempts from me and consider it DoS and 
ban me. Still, I would have expected to be unbanned after some time, and this does 
not seem to happen, so this would be an argument against DDoS protection.

For reference, this is my fail2ban's jail.local, perhaps too aggressive:

[lnd]
enabled = true
ports = 9735:9736
filter = lnd
logpath = ...
maxretry = 4

[lnd-repeat]
enabled = true
ports = 9735:9736
filter = lnd
logpath = ...
maxretry = 12
findtime = 1h
bantime = 1h

I'll test again by starting a tor middle relay and checking inbound IPv4 
connections; that should bring some results in a few hours.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
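As an added illustration (not from the thread or from fail2ban itself), here is a small Python model of fail2ban's maxretry/findtime/bantime counting, run over a constructed stream of reconnect attempts from a single peer like the ones the message describes. It assumes fail2ban's default 10-minute findtime and bantime for the [lnd] jail, since the quoted jail.local does not set them, and treats log matches that arrive while an IP is banned as dropped traffic.

```python
from collections import defaultdict, deque

def reconnect_storm(ip, interval, duration):
    """Constructed sample input: one peer retrying every `interval` seconds
    for `duration` seconds, as a lightning node does when its neighbour
    goes offline. Returns time-ordered (timestamp, ip) failure matches."""
    return [(t, ip) for t in range(0, duration, interval)]

def simulate_jail(events, maxretry, findtime, bantime):
    """Model of a fail2ban jail: ban an IP once `maxretry` matches fall within
    a sliding `findtime` window, for `bantime` seconds. Matches seen while the
    IP is banned are ignored (the firewall drops them). `events` must be sorted
    by time. Returns ip -> list of (ban_start, ban_end)."""
    recent = defaultdict(deque)   # ip -> timestamps of matches still in window
    banned_until = {}
    bans = defaultdict(list)
    for t, ip in events:
        if t < banned_until.get(ip, -1):
            continue                      # still banned, packet never logged
        window = recent[ip]
        window.append(t)
        while window and window[0] <= t - findtime:
            window.popleft()              # expire matches older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = t + bantime
            bans[ip].append((t, t + bantime))
            window.clear()                # fail2ban restarts counting after a ban
    return dict(bans)

def banned_fraction(bans, duration):
    """Share of the observation period during which the IP was banned."""
    return sum(min(end, duration) - start for start, end in bans) / duration

if __name__ == "__main__":
    storm = reconnect_storm("203.0.113.7", interval=60, duration=3 * 3600)
    # [lnd] jail from the post: maxretry = 4, with assumed 10m defaults
    lnd = simulate_jail(storm, maxretry=4, findtime=600, bantime=600)
    print("[lnd] first ban:", lnd["203.0.113.7"][0])
    print("[lnd] bans in 3h:", len(lnd["203.0.113.7"]),
          "banned fraction: %.2f" % banned_fraction(lnd["203.0.113.7"], 3 * 3600))
    # [lnd-repeat] jail from the post: maxretry = 12, findtime = bantime = 1h
    rep = simulate_jail(storm, maxretry=12, findtime=3600, bantime=3600)
    print("[lnd-repeat] ban starts:", [b[0] for b in rep["203.0.113.7"]])
```

With a peer retrying once a minute, the [lnd] jail bans it after three minutes and keeps it banned for roughly three quarters of the time, so a well-behaved neighbour never gets a stable connection back. fail2ban's `ignoreip` setting is the usual way to exempt known peers from a jail like this.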