Persistent Tor Entry/Guard Nodes

I have a firewall in front of Whonix, and I would like to restrict all outbound traffic to either Tor bridges or Tor entry nodes. I am having trouble with Tor bridges at the moment (“general SOCKS server failure”), so I am going to take a crack at opening up the firewall to allow traffic to the Tor entry nodes.

This seems like a common scenario to me; putting a firewall in front of Whonix so that no traffic leaves the network unless it's going through Tor seems like a no-brainer.

As of right now, I am in the planning stages of this endeavor.

I believe I need to allow traffic to pass to the Tor directory node(s). Where can I find these IP addresses?

Also, I need to know which entry nodes Tor will be using. Is there a file with a list of them after connecting to the directory node(s)? Where can I find these IP addresses?

Any insights to this setup are greatly appreciated.

Thank you!

Does corridor do all of what you are asking for?

Hey Patrick, interesting solution. It's late here, so I will review it again in the morning to double-check it satisfies my needs. Thank you for your help =]

Now that said, I did spend a pretty penny on a mini machine with an Atom processor to run a firewall on. Since I have gone that far already, I would like to continue on with my solution. Is there any chance any of you can answer my questions? =]

Hi jkygtiflug

Tor Metrics.

https://metrics.torproject.org/networksize.html

Search flag:guard
https://metrics.torproject.org/rs.html#search/flag:Guard

Entry guards

sudo cat /var/lib/tor/state

Then maybe compare to Tor metrics?

Metrics search flag:authority

https://metrics.torproject.org/rs.html#search/flag:authority

Most but not all answers to Tor/Tor Browser questions can be found at https://torproject.org or thereabouts. Most of the time I’ll use a search engine and it will lead me back to https://torproject.org, so I would start with that. I wouldn’t trust anything such as node lists unless it comes from torproject. Even then you never know who the node operator is.
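As an added example (not code from this thread, from Tor, from Whonix or from corridor), the script below does offline what the post above suggests doing by hand: it pulls the guard fingerprints out of /var/lib/tor/state, resolves them to OR addresses through Tor's own locally cached consensus instead of a third-party node list, and emits nftables fragments for the egress allowlist. The sample file contents are constructed; the file name /var/lib/tor/cached-microdesc-consensus and the two state-file line formats are assumptions about the Tor version in use.

```python
import base64
import re

# Tor's state file records guards as "Guard in=default rsa_id=<40 hex> ..." (newer
# tor) or "EntryGuard <nickname> <40 hex> DirCache" (older tor); both give the RSA id.
_GUARD_NEW = re.compile(r"^Guard\b.*\brsa_id=([0-9A-Fa-f]{40})")
_GUARD_OLD = re.compile(r"^EntryGuard\s+\S+\s+([0-9A-Fa-f]{40})")

def guard_fingerprints(state_text):
    """Hex RSA fingerprints of every guard recorded in the state file."""
    matches = (_GUARD_NEW.match(ln) or _GUARD_OLD.match(ln) for ln in state_text.splitlines())
    return [m.group(1).upper() for m in matches if m]

def hex_to_consensus_id(fp_hex):
    """Consensus 'r' lines carry the identity as unpadded base64 of the 20-byte digest."""
    return base64.b64encode(bytes.fromhex(fp_hex)).decode().rstrip("=")

def consensus_addresses(consensus_text):
    """identity -> (IPv4, ORPort) from 'r' lines. The full consensus has a digest
    field the microdesc consensus lacks, so index the address from the line end."""
    rows = [ln.split() for ln in consensus_text.splitlines()]
    return {f[2]: (f[-3], int(f[-2])) for f in rows if len(f) >= 8 and f[0] == "r"}

def guard_allowlist(state_text, consensus_text):
    """Return ([(fingerprint, ip, orport)], [guards absent from the consensus])."""
    addrs = consensus_addresses(consensus_text)
    resolved, missing = [], []
    for fp in guard_fingerprints(state_text):
        hit = addrs.get(hex_to_consensus_id(fp))
        if hit:
            resolved.append((fp,) + hit)
        else:
            missing.append(fp)  # keep visible: a silently dropped guard means Tor cannot connect
    return resolved, missing

def nft_rules(resolved):
    """nftables fragments permitting outbound TCP only to the resolved guards' ORPorts."""
    return ["ip daddr %s tcp dport %d accept" % (ip, port) for _, ip, port in resolved]

# Constructed sample data; the real inputs are /var/lib/tor/state and
# /var/lib/tor/cached-microdesc-consensus. Addresses are RFC 5737 test ranges.
SAMPLE_STATE = (
    "Guard in=default rsa_id=0102030405060708090A0B0C0D0E0F1011121314 nickname=guardA listed=1\n"
    "EntryGuard guardB " + "0" * 40 + " DirCache\n"
    "Guard in=default rsa_id=" + "F" * 40 + " nickname=dropped listed=0\n"
)
SAMPLE_CONSENSUS = (
    "r guardA AQIDBAUGBwgJCgsMDQ4PEBESExQ 2020-01-01 00:00:00 192.0.2.10 9001 0\n"
    "r guardB " + "A" * 27 + " 2020-01-01 00:00:00 198.51.100.7 443 9030\n"
)
```

Guards rotate and the consensus changes, so the allowlist has to be regenerated whenever Tor picks a new guard; a guard present in the state file but absent from the cached consensus is returned in the second list rather than dropped.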

You can use Libre Software corridor, which at least gets some scrutiny, or cook up your own solution.

The source code of corridor shows how all of this can be done in a sane way.

I don’t think it’s a good use of my time helping to invent custom solutions that benefit 1 if there’s already Libre Software projects that serve exactly the same purpose.
