Hi,
I’m actually struggling with my monero node. I can’t have incoming connections through tor.
I run the last monero version (from binaries, verified) in whonix-18-ws, and sys-whonix-18-gateway as netVM
What I did:
- in `sys-whonix`: `torrc.d/50_user.conf` edited to add a `HiddenServiceDir` and the 2 `HiddenServicePort`s `18089` and `18084` (with the `monero-ws` ip)
- in `monero-ws`: edited the whonix-firewall settings with `EXTERNAL_OPEN_PORTS+=" 18089"` and the same for `18084`.
- reloaded `sys-whonix` tor and `monero-ws` firewall
Actually some results:
- I can reach my xxx.onion:18089/get_info
- `sys-whonix` seems to work and forward the connections to monero-ws. For testing, I installed nginx and tested the two ports 18089 and 18084: both of them are then reachable from xxxxx.onion:18089 or xxxxx.onion:18084 (after that, I removed nginx)
- in monerod outputs: I have outgoing ipv4 and tor connections, but no tor incoming (no ipv4 incoming connections because of a NAT)
- on another computer, I have a monero node running without any problem on clearnet and tor, with incoming connections on both (as not behind a NAT).
So I’m pretty sure the problem comes from a misconfiguration of monerod.
Here’s my config file:
```
max-log-files=5
p2p-bind-ip=0.0.0.0 # Bind to all interfaces (the default)
p2p-bind-port=18080 # Bind to default port
no-igd=1 # Disable UPnP port mapping for tor or direct ip
#RPC
rpc-restricted-bind-ip=0.0.0.0 # Bind to all interfaces (the Open Node)
rpc-restricted-bind-port=18089 # Bind to a new RESTRICTED port (the Open Node)
rpc-ssl=autodetect # Use TLS if client wallet supports it; [enabled|disabled|(default)autodetect]
# ZMQ
no-zmq=1 # Disable ZMQ RPC server
max-txpool-weight=384354560 # Maximum unconfirmed transactions pool size in bytes
out-peers=32 # Default 12
in-peers=32 # The default is unlimited; we prefer to put a cap on this
limit-rate-up=48576
limit-rate-down=48576
# Tor - broadcast transactions originating from connected wallets over Tor/I2P
tx-proxy=tor,<sys-whonix-ip>:9153,12,disable_noise
anonymous-inbound=xxxxx.onion:18084,127.0.0.1:18084
disable-rpc-ban=1
```
print_cn output for example:
```
print_cn
Remote Host Type SSL Peer id Support Flags Recv/Sent (inactive,sec) State Livetime(sec) Down (kB/s) Down(now) Up (kB/s) Up(now)
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 33668(1)/30069(4) normal 52 0 0 0 0
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 104760(1)/107940(3) normal 151 0 0 0 1
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 179595(2)/179679(6) normal 254 0 0 0 0
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 339226(6)/338550(4) normal 494 0 0 0 0
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 597506(3)/568872(2) normal 861 0 0 0 0
[...]
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 1537143(1)/1496180(4) normal 2847 0 0 0 0
OUT xxxxxxx:18080 IPv4 no aaaaaaaaaaaaaaa 1 673411(18)/681223(4) normal 1164 0 1 0 0
OUT Tor no 1 0 83350(31)/55420(31) normal 226 0 0 0 0
OUT Tor no 1 0 114393(24)/70033(24) normal 701 0 0 0 0
OUT Tor no 1 0 104456(18)/70333(18) normal 859 0 0 0 0
OUT Tor no 1 0 89031(56)/30317(57) normal 260 0 1 0 0
OUT Tor no 1 0 120236(56)/71358(57) normal 1105 0 0 0 0
OUT Tor no 1 0 112466(56)/71584(57) normal 1423 0 0 0 0
OUT Tor no 1 0 120861(4)/71531(4) normal 949 0 0 0 0
OUT Tor no 1 0 123677(56)/72330(57) normal 1439 0 0 0 0
OUT Tor no 1 0 125877(43)/73828(43) normal 1629 0 0 0 0
OUT Tor no 1 0 65430(41)/45578(41) normal 140 0 0 0 1
OUT Tor no 1 0 126164(42)/75111(42) normal 2223 0 0 0 0
2026-02-13 10:22:42.384 W No incoming connections - check firewalls/routers allow port 18080
```
I tried to open the whonix gateway firewall for the two concerned ports (just to see, because they were not required with nginx):
`/usr/local/etc/whonix_firewall.d/50_user.conf`
```
EXTERNAL_OPEN_PORTS+=" 18089 "
EXTERNAL_OPEN_PORTS+=" 18084 "
```
But nothing changed.
I also tried to change the no-igd line in the monerod conf file. With or without igd, nothing changes either.
Any ideas?
Is it something to do with the anonymous-inbound line? p2p ports? Something else?
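
One check worth scripting for the setup described in the post, as an added example that is not part of the original post: it compares each `HiddenServicePort` target with the address monerod binds in `anonymous-inbound`, because a listener bound to loopback cannot receive connections that Tor on a separate gateway forwards to the workstation's IP. The torrc lines, the onion name and the IP `10.137.0.50` are constructed placeholders, and a bare port in `anonymous-inbound` is assumed to mean loopback.

```python
import ipaddress

# Constructed sample inputs, not the poster's files: the onion name and the
# workstation IP 10.137.0.50 are placeholders.
TORRC = """\
HiddenServiceDir /var/lib/tor/monero/
HiddenServicePort 18089 10.137.0.50:18089
HiddenServicePort 18084 10.137.0.50:18084
"""
MONEROD_CONF = """\
rpc-restricted-bind-ip=0.0.0.0
anonymous-inbound=exampleonionaddress.onion:18084,127.0.0.1:18084
"""

def split_target(text, default_ip="127.0.0.1"):
    """Split 'ip:port' or bare 'port'; a bare port is assumed to mean loopback."""
    host, _, port = text.strip().rpartition(":")
    return ipaddress.ip_address(host.strip("[]") or default_ip), int(port)

def hidden_service_targets(torrc):
    """Map each HiddenServicePort virtual port to its (ip, port) target."""
    targets = {}
    for line in torrc.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "hiddenserviceport":
            targets[int(parts[1])] = split_target(parts[2] if len(parts) > 2 else parts[1])
    return targets

def anonymous_inbound(conf):
    """Yield (onion port, bind ip, bind port) for each anonymous-inbound line."""
    for line in conf.splitlines():
        key, _, value = line.split("#", 1)[0].partition("=")
        if key.strip() == "anonymous-inbound":
            onion, bind = value.split(",")[:2]
            yield (int(onion.rsplit(":", 1)[1]), *split_target(bind))

def check(torrc, conf):
    """Return (onion port, problem) pairs for listeners Tor cannot reach."""
    targets, problems = hidden_service_targets(torrc), []
    for onion_port, bind_ip, bind_port in anonymous_inbound(conf):
        target = targets.get(onion_port)
        if target is None:
            problems.append((onion_port, "no HiddenServicePort for this port"))
        elif target[1] != bind_port:
            problems.append((onion_port, "target port differs from bind port"))
        elif bind_ip.is_loopback and not target[0].is_loopback:
            problems.append((onion_port, "bound to loopback, Tor targets a remote IP"))
    return problems

print(check(TORRC, MONEROD_CONF))
```

On the workstation, `ss -tlnp` shows which address monerod is actually listening on for port 18084, which confirms or rules out what this check reports.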