Here is my answer based on the responses of my forum colleagues and adding some more guidelines...
Open Tor configuration file...
vi /etc/tor/torrc
Add permission to Tor...
SocksPort 0.0.0.0:9050
... listens for connections from other network interfaces and not just the local one (127.0.0.1). Without it, Tor will not be accessible outside the server (localhost) that runs it.
Add permission for the desired IP range.
If your host has, for example, an IP 192.168.56.100 add an entry according to that value...
SocksPolicy accept 192.168.56.0/24
... which means that any IP in the 192.168.56.X range will be accepted by Tor.
The /etc/tor/torrc
file should look like this after adding the above entries...
[...]
## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this adddress:port too.
SocksPort 0.0.0.0:9050
[...]
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *
SocksPolicy accept 192.168.56.0/24
[...]
TIPS:
- Allow TCP port 9050 through the firewall if necessary;
- Use this command
curl --socks5 <TOR_SERVER_IP>:9050 https://check.torproject.org/
to test connection to Tor service from other computer on your network.
[Refs.: https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorServer , https://superuser.com/a/1284095/195840 , https://superuser.com/a/1374920/195840 ]
netstat -an
on the R2 server does it show 9050 bound to 127.0.0.1 or 0.0.0.0?