SocksPolicy scenario

Hello,
In a network, the Wi-Fi address range is 172.19.0.0/22 and the internal network is 172.16.0.0/16. I want only IP address 172.20.1.254 from the range of internal network and Wi-Fi addresses and all other addresses to be able to connect to Tor. I wrote the following SocksPolicy. Is it right?

SocksPolicy accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/16, accept *

Thank you.

I’m not sure I completely understand the specs of the question as stated.

As specified I read it that you want all addresses (of the world) except the internal network (172.16.0.0/16) to have access to Tor.

Presuming the rules are evaluated from left to right, then (reject 172.16.0.0/16, accept *) does it all.

172.20.1.254 does not match rule 1 (reject 172.16.0.0/16) and would match rule 2 (accept *)
WiFi 172.19.0.0/22 does not match rule 1 (reject 172.16.0.0/16) and would match rule 2 (accept *)
internal 172.16.0.0/16 would match rule 1 (reject 172.16.0.0/16) and rule 2 need not be evaluated
Any other IP (of the world) does not match rule 1 (reject 172.16.0.0/16) and would match rule 2 (accept *)

Are you sure you did not mean 172.16.0.0/12, which is how the second class of private IPs is expressed? If so, then it changes a lot.
SocksPolicy accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/12, accept *

Hello,
Thank you so much for your reply.
I just want the IP address 172.20.1.254, all devices connected to Wi-Fi and other IP addresses other than the range 172.16.0.0/12 to be able to connect to the Tor.

I already gave that solution in my previous post which is:
accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/12, accept *

172.20.1.254 matches rule 2 (accept 172.20.1.254)
WiFi matches rule 1 (accept 172.19.0.0/22)
All IPs left in the range 172.16.0.0/12 match rule 3 (reject 172.16.0.0/12)
You said “and other IP addresses other than the range 172.16.0.0/12 to be able to connect to the Tor”
This matches rule 4 (accept *)

What is your understanding of 172.16.0.0/12 or 172.19.0.0/22?

I’m starting to wonder if I’m talking to a bot.


Hi,
Thanks again.
So, my rule was correct:

SocksPolicy accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/16, accept *

No, it was not.
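The left-to-right, first-match evaluation walked through in the replies above, as an added example that is not part of the original thread and is not Tor's own code. It compares the /16 and /12 versions of the policy over a few constructed client addresses; the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The two policies discussed in the thread (value part of the SocksPolicy line).
POLICY_16 = "accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/16, accept *"
POLICY_12 = "accept 172.19.0.0/22, accept 172.20.1.254, reject 172.16.0.0/12, accept *"

# Constructed sample clients: the excepted host, a Wi-Fi host, a host inside
# the /16, a host inside the /12 but outside the /16, and an outside host.
CLIENTS = ["172.20.1.254", "172.19.1.10", "172.16.5.5", "172.18.0.7", "203.0.113.9"]


def parse_policy(line):
    """Split a comma-separated policy into (action, network-or-None) rules."""
    rules = []
    for entry in line.split(","):
        action, pattern = entry.split()
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action: {action!r}")
        # '*' matches every address; represent it as None.
        net = None if pattern == "*" else ipaddress.ip_network(pattern, strict=False)
        rules.append((action, net))
    return rules


def evaluate(policy, client):
    """Return (action, rule_number) of the first rule that matches client."""
    addr = ipaddress.ip_address(client)
    for number, (action, net) in enumerate(parse_policy(policy), start=1):
        if net is None or addr in net:
            return action, number
    return "accept", 0  # no rule matched: unmatched addresses are accepted


def differing(policy_a, policy_b, clients):
    """List the clients that the two policies treat differently."""
    return [c for c in clients if evaluate(policy_a, c)[0] != evaluate(policy_b, c)[0]]


if __name__ == "__main__":
    for client in CLIENTS:
        print(f"{client:>14}  /16: {evaluate(POLICY_16, client)}"
              f"  /12: {evaluate(POLICY_12, client)}")
    print("treated differently:", differing(POLICY_16, POLICY_12, CLIENTS))
```

The only sample address the two policies disagree on is the one inside 172.16.0.0/12 but outside both 172.16.0.0/16 and the Wi-Fi range: the /16 policy lets it fall through to `accept *`.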
