My use case: I build an SSH socks5 proxy to a network less restrictive than the one I'm on. I tell Tor Browser to use that socks5 proxy. I leave "This computer goes through a firewall that only allows connections to certain ports" unchecked. The following lines are added to the torrc. ``` Socks5Proxy 127.0.0.1:2343 ReachableAddresses *:80,*:443 ReachableAddresses reject *:* ReachableAddresses reject *:* ``` The reachable address lines seem to be added due to https://trac.torproject.org/projects/tor/ticket/11405#comment:7 (The duplicate ReachableAddresses reject line is a known issue ... somewhere. There's a ticket.) The issue: I can reach any port on through this socks5 proxy. My guard selection is being artificially limited to guards that have an ORPort of 443. I suspect that ReachableAddresses should only be set to 80 and 443 if the proxy type is HTTP(S). Or not at all unless "This computer goes through a firewall that only allows connections to certain ports" is checked. In my very limited experience with proxies, it seems sane to assume only 80/443 for HTTP(S) proxies, but it doesn't seem sane to assume 80/443 for a socks5 proxy. The following python script shows that right now about 42% of guards have the ORPort of 443 (or 80, but most are 443). ``` from stem.control import Controller guards_443 = [] guards_all = [] with Controller.from_port(port = 9151) as c: c.authenticate() for stat in c.get_network_statuses(): if 'Guard' in stat.flags: guards_all.append(stat) if stat.or_port == 80 or stat.or_port == 443: guards_443.append(stat) print "Num 443 ORPort guards:", len(guards_443) print "Num guards: ", len(guards_all) print "443/all:", len(guards_443)*1.0/len(guards_all) ``` More interesting would be - what percent by weight am I limited to? - what is the geographical distribution of these guards?