I need help about a SocksPolicy scenario

hack3rcon · January 27, 2024, 3:46pm

Hello,
I want IP addresses in the range of 192.168.0.0/24 to not be able to connect to the Tor, but 192.168.1.100 and other IP address ranges can connect to the Tor. How should I configure SocksPolicy?

Thank you.

capole · January 28, 2024, 1:53pm

You asked the same on July 2023

abysshint · January 28, 2024, 1:53pm

If you wrote it correctly, it should be like this:

SocksPolicy reject 192.168.0.0/24,accept *

If you were mistaken and meant 192.168.0.0/16, then it should be like this:

SocksPolicy accept 192.168.1.100,reject 192.168.0.0/16,accept *

Let me remind you of the main CIDR ranges (IP - 1.2.3.4):

CIDR	MASK	RANGES	COUNT
/32	1.2.3.4	1.2.3.4 - 1.2.3.4	1
/24	1.2.3.*	1.2.3.0 - 1.2.3.255	256
/16	1.2..	1.2.0.0 - 1.2.255.255	65,536
/8	1...*	1.0.0.0 - 1.255.255.255	16,777,216
/0	...	0.0.0.0 - 255.255.255.255	4,294,967,296

Also, to allow other IP address ranges to connect to your proxy, use port listening on all interfaces:

SOCKSPort 0.0.0.0:9050

or only on selected interfaces:

SOCKSPort 127.0.0.1:9050
SOCKSPort 192.168.1.100:9050

hack3rcon · January 29, 2024, 12:45am

Hello,
Thank you so much for your reply.
Why did you choose socksport 192.168.1.100:9050?
If I use socksport 192.168.1.200:9050, then:

SocksPolicy accept 192.168.1.100, 192.168.1.200, reject 192.168.0.0/16, accept *

Am I right?

hack3rcon · January 29, 2024, 12:45am

Hello,
Thank you so much for your reply.
No this question is different!

abysshint · January 29, 2024, 8:03am

This is just an example, you have to set your network parameters…

I don’t know what your goals are and what your network settings are, so I can’t say for sure, don’t take everything I write literally!
Before asking a question, just set it up and check the result. Tor will give you an error with this SocksPolicy because you can’t list items without accepting/rejecting at the beginning of each list item. This will be correct:

SocksPolicy accept 192.168.1.100, accept 192.168.1.200, reject 192.168.0.0/16,  accept *

hack3rcon · January 29, 2024, 9:02am

Hello,
Thanks again.
The Tor is running on the following address:

SocksPort 192.168.1.200:9050

And I want 192.168.1.100 and other IP addresses except the 192.168.0.0/16 range to be able to connect to the server, So:

SocksPolicy accept 192.168.1.100, accept 192.168.1.200, reject 192.168.0.0/16,  accept *

Is it correct?

abysshint · January 29, 2024, 10:30am

Yes, but if you do not use a proxy on the server machine, then “accept 192.168.1.200” can be removed.

hack3rcon · January 29, 2024, 11:35am

Hello,
Thanks again.