How to open port 9150 on a Mac so external devices can connect to it

Tags: firewall, network, proxy

On localhost I can access and connect to port 9150, but other devices on the network cannot see the port and cannot connect to it. I've checked and there is no firewall on the network preventing the connection.

If it matters, I have a proxy server running on that port that I need other devices to be able to connect to.

I am running macOS High Sierra 10.13.1 on a MacBook Pro Early 2015.

Best Answer

By default, your Tor client only listens for applications that connect from localhost (i.e. lo0 - 127.0.0.1). So the proxy is not bound to other interfaces like en0 or en1.

To set up a Tor proxy for apps on other hosts in the network you should follow the how-to:

I want to run my Tor client on a different computer than my applications.

By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers than the Tor client, you should edit your torrc to define SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP.

Can I install Tor on a central server, and have my clients connect to it?

Yes. Tor can be configured as a client or a relay on another machine, and allow other machines to be able to connect to it for anonymity. This is most useful in an environment where many computers want a gateway of anonymity to the rest of the world. However, be forewarned that with this configuration, anyone within your private network (existing between you and the Tor client/relay) can see what traffic you are sending in clear text. The anonymity doesn't start until you get to the Tor relay. Because of this, if you are the controller of your domain and you know everything's locked down, you will be OK, but this configuration may not be suitable for large private networks where security is key all around.

Configuration is simple, editing your torrc file's SocksListenAddress according to the following examples:

SocksListenAddress 127.0.0.1

SocksListenAddress 192.168.x.x:9100

SocksListenAddress 0.0.0.0:9100

You can state multiple listen addresses, in the case that you are part of several networks or subnets.

SocksListenAddress 192.168.x.x:9100 #eth0
SocksListenAddress 10.x.x.x:9100 #eth1

After this, your clients on their respective networks/subnets would specify a socks proxy with the address and port you specified SocksListenAddress to be.

Please note that the SocksPort configuration option gives the port ONLY for localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need to give the port with the address, as shown above.

If you are interested in forcing all outgoing data through the central Tor client/relay, instead of the server only being an optional proxy, you may find the program iptables (for *nix) useful.

Source: Tor FAQ
Location of the torrc file: ~/Library/Application Support/TorBrowser-Data/Tor


I didn't get this to work properly!
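A way to audit the configuration the answer describes, as an added example that is not part of the original answer or the Tor FAQ: it parses torrc text and reports which SOCKS listeners are reachable from other hosts, which matters because the FAQ notes that traffic between clients and the Tor host crosses the network in clear text. The sample torrc, the function names and the 9050 fallback port are assumptions, and only IPv4 `address[:port]` values are handled.

```python
import ipaddress

# Constructed sample torrc using the directive forms quoted in the answer.
SAMPLE_TORRC = """\
SocksPort 9150
SocksListenAddress 127.0.0.1
SocksListenAddress 192.168.1.20:9100   # en0
SocksListenAddress 0.0.0.0:9100
"""

def classify(addr):
    """Say how widely a listener bound to this IPv4 address is reachable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparsed"            # e.g. the 192.168.x.x placeholders
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:            # 0.0.0.0 binds every interface
        return "all-interfaces"
    return "private-lan" if ip.is_private else "public"

def socks_listeners(torrc_text, default_port=9050):
    """Return (address, port, exposure) for each SOCKS listener line."""
    port_default = default_port      # assumption: fallback when no SocksPort is set
    found = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "socksport" and value.isdigit():
            port_default = int(value)          # bare port: localhost only
            found.append(("127.0.0.1", port_default, "loopback-only"))
        elif key == "sockslistenaddress":
            addr, _, port = value.partition(":")
            found.append((addr, int(port) if port.isdigit() else port_default,
                          classify(addr)))
    return found

def exposed(torrc_text):
    """Listeners that hosts other than this machine can reach."""
    return [l for l in socks_listeners(torrc_text) if l[2] != "loopback-only"]

if __name__ == "__main__":
    for addr, port, exposure in socks_listeners(SAMPLE_TORRC):
        print(f"{addr}:{port}\t{exposure}")
```

An address the parser cannot read is reported as `unparsed` and counted as exposed, so a malformed line is reviewed rather than silently ignored.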