Reply

How to block tor IP address?

mystvearn
Aspirant

How to block tor IP address?

Hi,

I bought this router to block kids from accessing pornographic material. OpenDNS can handle most it. I noticed however that tunneling software like tor with its portable app kind of installer can bypass this. How do I block the IP addresses used by Tor with the router?
Message 1 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

If you want to use dd-wrt, "tor" is one of the services that you can explicitly block under "access restrictions". Pretty easy, and lots of flexibility if you need it.
Message 2 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

Can I get back the R7000 firmware if I decide to go back from dd-wrt?
Message 3 of 22
LeeH
Prodigy

Re: How to block tor IP address?

Yes you can flash back to the Netgear firmware after flashing DD-WRT.
Message 4 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

Yep, I hear that it can take more than one try, but doing a factory reset to defaults before flashing back to Netgear firmware from dd-wrt firmware can be helpful. It hasn't taken me more than one try to flash back to Netgear firmware yet, but again, I hear from others that it can take more than one try.

I've also used tomato firmware, and flashing back and forth between firmware has it's kinks, you just need to read about how to do it. I've done this lots of times, and everything is just fine here *smile*.

For example, to flash to dd-wrt firmware from Netgear firmware, you'll need to do an intermediate flash, that's in the directory called "Initial" in Kong's repository. You first flash that "initial" firmware, then you can flash whatever dd-wrt firmware version you want to use. Remember to do a reset to factory defaults after you get to your final dd-wrt firmware version, before entering your configuration settings.
Message 5 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

I see. Thanks. dd-wrt does support OpenDNS right?

Weirdly when I enter the R7000 at the supported dd-wrt router list, it does not come out, however, when I browse for the routers, I do find it. I bought the R7000 in UK, and not the US version, if that makes a difference.
Message 6 of 22
MatM
Guide

Re: How to block tor IP address?

There is only this KONG built out there - people use it - but I will wait until it´s in the router Databasen on DD-WRT Smiley Happy
Message 7 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

Yes, don't go through the router data base at dd-wrt, that's outdated for the R7000. There's a repository of Kong's (dd-wrt developer) firmware builds here:

http://desipro.de/ddwrt/K3-AC-Arm

You should pay particular attention to the Readme and Changelog files, and the Initial firmware image is also important as you'll see from the Readme file..

There are various threads on the dd-wrt on the dd-wrt firmware for the R7000. Here's a thread on the latest Kong dd-wrt release for the R7000:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=268455&postdays=0&postorder=asc&start=0

and there's lots more to read there when you look around.

And yes, OpenDNS is supported by dd-wrt, I've used their DNS servers from time to time with no problems.
Message 8 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

MatM, Is this because the router is still relatively new? RogerSC, Thanks. Is it good as the standard netgear software or still buggy? If its too finicky to install, maybe I should best wait until a stable version is released?
Message 9 of 22
JAMESMTL
Novice

Re: How to block tor IP address?

mystvearn wrote:
Is this because the router is still relatively new?


No it's more of an issue that the router database is not really maintained at the same rate as the the firmware. I would suggest reading http://www.dd-wrt.com/phpBB2/viewtopic.php?t=54845 along with all of the stickies for the Broadcom SOC based hardware

A better listing showing which devices are supported is the wiki found here http://dd-wrt.com/wiki/index.php/Supported_Devices
Message 10 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

mystvearn wrote:
RogerSC,

Thanks. Is it good as the standard netgear software or still buggy? If its too finicky to install, maybe I should best wait until a stable version is released?


Dd-wrt firmware has been more stable than the Netgear stock. When I've had trouble with the Netgear stock firmware, dd-wrt has been stable and has performed well.

It is not finicky to install (whatever that means *smile*), just follow the instructions in the Readme file. The versions in Kong's repository are stable, Kong tests his dd-wrt builds on the R7000 himself. The latest version that I've used, 25015M, has been stable for me. If this one isn't stable for you, then I'd suggest trying 24345M "OLDD", which is the last dd-wrt version with the older Broadcom wireless drivers. This has been stable for those that have had problems with the latest version. It really depends on what you have in your network at your home, as is always the case with router firmware.

It's all up to you, all I can do is point you at the information about dd-wrt, which I have done.

Good luck.
Message 11 of 22
Fairytail
Virtuoso

Re: How to block tor IP address?

Hi,

I bought this router to block kids from accessing pornographic material. OpenDNS can handle most it. I noticed however that tunneling software like tor with its portable app kind of installer can bypass this. How do I block the IP addresses used by Tor with the router?


You mean to say even using the LPC feature of the router, you can still bypass it by TOR software?
Message 12 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

minions08 wrote:
You mean to say even using the LPC feature of the router, you can still bypass it by TOR software?


What is LPC?

I have heard but never used dd-wrt. I've just finish reading the sticky thread. I think these links should be enough for me to get started with dd-wrt?
http://tips.desipro.de/category/dd-wrt/
http://www.desipro.de/ddwrt/K3-AC-Arm/
http://www.desipro.de/ddwrt/K3-AC-Arm/Changelog
http://www.youtube.com/watch?v=kYJh4bKJkSU
http://dd-wrt.com/wiki/index.php/DD-WRT_on_R7000

I'm guessing I need this firmware as backup?

http://www.netgear.com/home/products/networking/wifi-routers/R7000.aspx#tab-support
Message 13 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

mystvearn wrote:
What is LPC?

I have heard but never used dd-wrt. I've just finish reading the sticky thread. I think these links should be enough for me to get started with dd-wrt?


According to google, LPC is "Live Parental Controls", listed as a Netgear router firmware feature that is actually implemented by OpenDNS. You might look at that if you haven't already, I've never needed it, so don't know much about it (other than the name *smile*).

Yes, those URL's point at enough information, although I'd add the Readme file from Kong's repository (in addition to the Changelog). A couple of comments. though. The youtube presentation, that I kind of scanned through, just opens all the menus without any commentary on what each one does, not too useful in my view. For one thing, you don't see the menus until you've flashed to dd-wrt *smile*, so the video won't help you in your initial flashing process. And I haven't opened that many of the menus, since you only have to configure what you need. Most features are disabled by default, so you only need to go there if you use those features. The video makes dd-wrt seem much more complex for simple use than it really is. Just like most firmware, once you've flashed it, and your router has come up, you'll be connected to the internet, so it's just specific configuration after that.

Don't forget to reset your router to factory defaults after flashing dd-wrt, and before configuring it. This is good practice in any case, but when switching from Netgear to dd-wrt, this is really required. If you don't know how to do this, just press in and hold the "reset" button on the back of the router for about 10 seconds, then release it. A power-cycle after flashing is also a good thing, turn the router off for about 10 or 15 seconds, and then back on again.

There are only a few tabs that I go through to manually configure a new version of dd-wrt, mainly setting the time zone, and configuring the wireless. The rest gets used if you need it, like USB, port forwarding, ddns, ad blocking, vpn support, web server, and so on. You will want to look at "Access Restrictions", though, it sounds like.

If you follow the flashing instructions in the wiki article, you'll be fine. And take your time doing configuration the first time. It is easy, though, just follow the document that you've listed that gives the tips for configuring the wireless for the first time. Very helpful. And any more specific questions can be asked in the dd-wrt forum.
Message 14 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

LPC is just another name for OpenDNS controls. You log in via netgear website and you get the OpenDNS interface.

Thanks. Will take time to do this
Message 15 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

I followed the instructions here:
www.tweaking4all.com/hardware/netgear-r7000-dd-wrt/

First, I donwloaded the firmware *.chk from netgear
Then flash it to the initial Kong build (dated 4/16/13) I forgot which build was that (in the initial folder. It was working.
I flashed it to the 2501 build. While I can connect and modify the router nicely, the router is disconnected. Will not connect to the internet. Reflashing it back down to the first build did not solve it. I had to reflash to stock. Then need to press the reset buttons few times as for some reason the default admin/password does not work. After reset and turn off the device, then it will reconnect. However, the netgear genie run some test to auto configure the router to the modem as the router was disconnected from the modem even though it is on ethernet connection.

I tried again with the similar steps. The initial=.chk was fine, but everything aside from that does not work.

So I had to revert back to stock mode.

Inside the netgear stock mode itself (routerlogin.net)>advance>security>
there are
Block sites
Block services

I noticed I could manually place the block sites there as well. I think it is possible to just put all the tor IP addresses in there? It would save me the headache of flashing the router.
Any ideas?
Message 16 of 22
RogerSC
Virtuoso

Re: How to block tor IP address?

If you're having problems flashing dd-wrt, I'd suggest posting in the dd-wrt forum. There's a thread on the newest build, 25015M. I just flashed it myself with no problem, so it isn't clear to me what problem you ran into. Did you reset the router to factory defaults after your dd-wrt flashes?

Also, yes, when you flash back from dd-wrt to stock firmware, you have to reset the stock firmware to factory defaults to be able to login. That's mentioned in the Readme file I keep trying to get you to read.

Anyways, sorry that you're having problems. Just remember, when in doubt or trouble, resetting to factory defaults can only help *smile*.
Message 17 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

RogerSC wrote:
If you want to use dd-wrt, "tor" is one of the services that you can explicitly block under "access restrictions". Pretty easy, and lots of flexibility if you need it.


Did that. Tor still working:rolleyes:
Message 18 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

Also did this: http://sjoerd-hemminga.com/blog/2012/10/block-tor-exit-nodes-using-iptables/ I placed this script in the iptable (Administration>commands) Tor is still working. That script does not seem to work. Also, my DSL has dynamic IP. So the IP changes. Any ideas?
Message 19 of 22
JAMESMTL
Novice

Re: How to block tor IP address?

Those are exit nodes, not necessarily relays.
Message 20 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

JAMESMTL wrote:
Those are exit nodes, not necessarily relays.


I see. Oh well. I'll try to figure something out then. It seems this is the only thing left that needs to be plugged.

After busy configuring the R7000, I went back to the stock firmware. The dd-wrt though working still unable to block all tor. Maybe cause I have no idea how to setup that tor blocker.

After busy reconfiguring back to stock netgear. I noticed that my laptop will can't log into the internet. I can login to the router. Which is weird. Every other device can connect to the router via wifi. I did a flush dns on this win7 laptop, however it seems that only the wireless connection of the laptop does not work with the router. When I connect to another wireless network, the laptop is working fine. So the problem has to be with the laptop itself. I noticed that there was a conflict with the DNS or something like that.

I ran the genie software, it says "the gateway is invalid"
"Cannot test DNS."

How to fix this?
Message 21 of 22
mystvearn
Aspirant

Re: How to block tor IP address?

Just to note that I can't even login to the routerlogin.net via browser or genie software.

I'm guessing there is some setting screwed on the laptop as the wired connection from the laptop to the R7000 works. Meaning the problem is only with the wireless connection.
Message 22 of 22
Top Contributors
Discussion stats
  • 21 replies
  • 5972 views
  • 0 kudos
  • 6 in conversation
Announcements

Orbi WiFi 6E