I need help about a SocksPolicy scenario

Hello,
I want IP addresses in the range of 192.168.0.0/24 to not be able to connect to the Tor, but 192.168.1.100 and other IP address ranges can connect to the Tor. How should I configure SocksPolicy?

Thank you.

You asked the same on July 2023

1 Like

If you wrote it correctly, it should be like this:

SocksPolicy reject 192.168.0.0/24,accept *

If you were mistaken and meant 192.168.0.0/16, then it should be like this:

SocksPolicy accept 192.168.1.100,reject 192.168.0.0/16,accept *

Let me remind you of the main CIDR ranges (IP - 1.2.3.4):

CIDR MASK RANGES COUNT
/32 1.2.3.4 1.2.3.4 - 1.2.3.4 1
/24 1.2.3.* 1.2.3.0 - 1.2.3.255 256
/16 1.2.*.* 1.2.0.0 - 1.2.255.255 65,536
/8 1.*.*.* 1.0.0.0 - 1.255.255.255 16,777,216
/0 *.*.*.* 0.0.0.0 - 255.255.255.255 4,294,967,296

Also, to allow other IP address ranges to connect to your proxy, use port listening on all interfaces:

SOCKSPort 0.0.0.0:9050

or only on selected interfaces:

SOCKSPort 127.0.0.1:9050
SOCKSPort 192.168.1.100:9050
1 Like

Hello,
Thank you so much for your reply.
Why did you choose socksport 192.168.1.100:9050?
If I use socksport 192.168.1.200:9050, then:

SocksPolicy accept 192.168.1.100, 192.168.1.200, reject 192.168.0.0/16, accept *

Am I right?

Hello,
Thank you so much for your reply.
No this question is different!

This is just an example, you have to set your network parameters…

I don’t know what your goals are and what your network settings are, so I can’t say for sure, don’t take everything I write literally!
Before asking a question, just set it up and check the result. Tor will give you an error with this SocksPolicy because you can’t list items without accepting/rejecting at the beginning of each list item. This will be correct:

SocksPolicy accept 192.168.1.100, accept 192.168.1.200, reject 192.168.0.0/16,  accept *
1 Like

Hello,
Thanks again.
The Tor is running on the following address:

SocksPort 192.168.1.200:9050

And I want 192.168.1.100 and other IP addresses except the 192.168.0.0/16 range to be able to connect to the server, So:

SocksPolicy accept 192.168.1.100, accept 192.168.1.200, reject 192.168.0.0/16,  accept *

Is it correct?

Yes, but if you do not use a proxy on the server machine, then “accept 192.168.1.200” can be removed.

1 Like

Hello,
Thanks again.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.