On my home network I have an extra firewall appliance with four ethernet jacks. I was going to use it for pfSense and replace my router, but I couldn't get it to log into my ISP's modem, so I gave up on that and am repurposing it to provide hardware network isolation for a Tor-only node.
The appliance is running pi-hole atm in docker, and tor. One ethernet cable leads to my main router providing access to the internet. Another cable leads directly to a raspberry pi.
On the repurposed firewall appliance, eth0 has address 10.0.0.4 and eth2 has address 192.168.34.1; the raspberry pi has address 192.168.34.2 and no other network access. There is no DNS or general traffic forwarding for the pi, and I do not want there to be any. The ONLY network access I want the pi to have should be over that cable and ONLY via tor.
Currently I can ssh into the pi from the appliance, but I plan to shut that off and run ssh on the pi as a hidden service once everything is working. Ideally only one port should be open between the pi and the appliance controlled by the firewall on the appliance when I am done.
My plan was to run a private bridge on the appliance listening on eth2 (192.168.34.1:9001) and then configure the torrc on the pi to use that bridge always.
I would have expected it to connect to the instance of tor running on the pi, which would use the bridge it is supposed to be configured to use (the firewall appliance), and that would connect to the site.
Are you able to ping 192.168.34.1 from 192.168.34.2? (You may deactivate this later; it is just to make sure routing works correctly.)
Do you allow tcp connections from 192.168.34.2 to 192.168.34.1 on port 9001 (new/established/related)?
It seems to be working on the appliance. It’s listening on 9001. I know this from the ss command and also because I see this in the log on the pi (192.168.34.1):
Nov 21 15:11:03.000 [notice] Learned fingerprint long-string-of-hexadecimal-numbers for bridge 192.168.34.1:9001.
Nov 21 15:11:03.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Nov 21 15:11:03.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Nov 21 15:11:03.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
long-string-of-hexadecimal-numbers matches the fingerprint when I do sudo cat /var/lib/tor/fingerprint on the appliance.
It prints:
Unnamed long-string-of-hexadecimal-numbers
Because I did not enter long-string-of-hexadecimal-numbers anywhere, this information came from the instance of tor running on the appliance and was read by the instance of tor running on the pi (presumably over port 9001).
On the appliance, the log says bootstrapped 100% and able to form a tor circuit, but on the pi it gets stalled at 25%.
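As an added example (not from the original posts), here is what the setup described in the first post looks like in practice: the two torrc fragments, a helper that pulls the fingerprint out of the appliance's fingerprint file shown above, and an nftables ruleset that lets the pi reach only 192.168.34.1:9001. The interface name "eth2", the nft table name and the sample fingerprint are assumptions.

```shell
#!/bin/sh
# Added example for the thread's setup (not from the original posts): appliance eth2 is
# 192.168.34.1, the pi is 192.168.34.2, private bridge on 192.168.34.1:9001.
# The interface name "eth2", the nft table name and the sample fingerprint are assumptions.

# Pull the 40-hex-digit relay fingerprint out of the appliance's fingerprint file, which
# reads "Unnamed <hex>". Reads stdin: sudo cat /var/lib/tor/fingerprint | fingerprint_from_file
fingerprint_from_file() {
    awk 'NF == 2 && length($2) == 40 && $2 ~ /^[0-9A-F]+$/ { print $2; exit }'
}

# torrc fragment for the appliance: an unpublished bridge bound only to the isolated interface.
bridge_torrc() {
    cat <<'EOF'
BridgeRelay 1
ORPort 192.168.34.1:9001
PublishServerDescriptor 0
ExitRelay 0
EOF
}

# torrc fragment for the pi. Pinning the fingerprint ($1) makes the client refuse any relay
# at that address whose identity key does not match, instead of just "learning" it.
client_torrc() {
    cat <<EOF
UseBridges 1
Bridge 192.168.34.1:9001 $1
ClientOnly 1
EOF
}

# nftables ruleset for the appliance: the pi may open TCP 9001 to the appliance and nothing
# else, and nothing is forwarded to or from the isolated interface. Save the output to a
# file and load it with "nft -f <file>" as root. Uncomment the icmp line while testing ping.
appliance_nft_rules() {
    cat <<'EOF'
table inet pi_isolation {
    chain input {
        type filter hook input priority 0;
        iifname "eth2" ip saddr 192.168.34.2 ip daddr 192.168.34.1 tcp dport 9001 ct state new,established,related accept
        # iifname "eth2" ip saddr 192.168.34.2 icmp type echo-request accept
        iifname "eth2" drop
    }
    chain forward {
        type filter hook forward priority 0;
        iifname "eth2" drop
        oifname "eth2" drop
    }
}
EOF
}
```

While you still ssh from the appliance into the pi, add `iifname "eth2" ct state established,related accept` above the input-chain drop so the pi's replies are accepted; remove it once ssh moves to the hidden service.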
Never mind! I went away and came back, and the next day I see my isolated tor node is working! I guess it needed a lot of time. I thought it was stuck indefinitely at 25%. Thanks for the help.