Configure Tor as a listening proxy server that I can connect to remotely?

I currently have the Vidalia bundle installed on my Windows Server 2008 R2 machine. Is there a way that I can connect to the Tor network through this computer from other computers on the LAN or from WAN (through port forwarding)? If I try to connect to my server's Tor proxy on SOCKS5 port 9050 from another machine, it can't connect. Nmap shows the port as closed.

Note that I'd like to avoid using SSH or anything other than simple SOCKS/port forwarding, if that's possible.


I solved the problem by adding these lines to C:\Users\Administrator\AppData\Local\Vidalia\torrc

SocksListenAddress (Server's internal IP address here)
SocksPolicy accept *

Tor will now accept connections on port 9050 from any other computers on the LAN. They can now use Tor as a SOCKS5 proxy.


Use This:

SocksPort 0.0.0.0:9050

Setting 0.0.0.0 as host let all other devices on the network, see it and use it as a proxy.


You need to edit your TOR configuration file. In my case its

/etc/tor/torrc

For allowing TOR to run on all interface.

SOCKSPort 0.0.0.0:9050

For allowing only specific IP address to connect remotely to TOR service.

SOCKSPolicy accept xxx.xxx.xxx.xxx/32 # Your remote server IP address
SOCKSPolicy reject *

*above first policy will allow only xxx.xxx.xxx.xxx IP to connect remotely to TOR proxy. Second policy will reject all other IP addresses trying to connect.


Here is my answer based on the responses of my forum colleagues and adding some more guidelines...


Open Tor configuration file...

vi /etc/tor/torrc

Add permission to Tor...

SocksPort 0.0.0.0:9050

... listens for connections from other network interfaces and not just the local one (127.0.0.1). Without it, Tor will not be accessible outside the server (localhost) that runs it.

Add permission for the desired IP range.

If your host has, for example, an IP 192.168.56.100 add an entry according to that value...

SocksPolicy accept 192.168.56.0/24

... which means that any IP in the 192.168.56.X range will be accepted by Tor.

The /etc/tor/torrc file should look like this after adding the above entries...

[...]

## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this adddress:port too.
SocksPort 0.0.0.0:9050

[...]


## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *
SocksPolicy accept 192.168.56.0/24

[...]

TIPS:

  • Allow TCP port 9050 through the firewall if necessary;
  • Use this command curl --socks5 <TOR_SERVER_IP>:9050 https://check.torproject.org/ to test connection to Tor service from other computer on your network.

[Refs.: https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorServer , https://superuser.com/a/1284095/195840 , https://superuser.com/a/1374920/195840 ]