Ubuntu Snowflake Standalone Proxy tries to access private LAN

So I did setup a standalone snowflake proxy with Ubuntu 22.04 LTS.
I built it from git with go according to the setup-guide from torproject.org.
It seems to be working as it did log connections and traffic.

However, since I started the proxy my router started blocking (and logging) connection attempts from the proxy machine to private IP-addresses (, and every 5 minutes.

I don’t think this is intended behavior?
Is this an artifact from any of the log files?
Can it be turned off?

Best regards.

The IPs you listed are the IPs of the machines other than the one that you set up Snowflake on?

What kind of connections are those?

I believe probably your proxy is trying to connect to the client through the local network (WebRTC is made to also work on local networks). If the client says that “hey, one of my IPs is”, your proxy will try to reach it there (which is not dangerous IMO).
I did check logs of my Snowflake and indeed some clients do say that, although by default the clients should be filtering out local addresses before sending the list to the proxy (also see this issue).

So, probably, nothing to worry about.

1 Like

Over the last night I logged a wide variety of Class A, B and C type private IP connection attempts about every 5-10mins.
Of which only seems to be repeating consistently.
They do originate from snowflake ports and are UDP only.

There are no machines with these addresses in my network.
The snowflake machine is in its own Class B /30 network.
No connections other then to the gateway or the internet are allowed.

It might be nothing to worry about as my Router blocks the connection attempts.
It just would be nice to not seeing these attempts at all.

Maybe the filter is not working?
Do I need to do something different?
In the linked documents there are some WebRTC Modes mentioned.
Can these be set by me?

Thanks in advance.

Maybe. Maybe the clients turned on the -keep-local-addresses option. Or maybe they’re using an outdated client version.

I don’t think so, I believe they’re not implemented by Pion (out WebRTC library) yet. So I don’t think you can do it, not without changing the source code of your proxy.

I don’t think much can be done with the current version of Snowflake proxy. Maybe this might help in the future.

1 Like

Thank you WofWca for sharing alle the information.

I blackholed all connection attempts from proxy to private IPs for now to stop flooding my routers block-logs.

1 Like