
Re: Jailed/sandboxed/chrooted applications



Fabian Keil wrote:
> Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:
>
> > Does anyone here jail, sandbox or chroot the applications they use with Tor?
>
> I'm running Tor and Privoxy in FreeBSD jails,
> Xorg applications (which probably pose a bigger threat)
> are running on the host system, though.
>
> > I have been trying to adapt the Wiki's transparent proxy recommendations
> > to a FreeBSD jail for the last couple weeks with no luck.
>
> I wrote about trans-proxy-tor running in a FreeBSD jail at:
> http://www.fabiankeil.de/blog-surrogat/2006/06/15/jail-experimente-mit-ezjail.html
>
> The text is in German but the only thing that really matters is
> the /etc/devfs.rules example to make /dev/pf visible in the jail.
>
> Nowadays I use Tor's TransPort option instead of trans-proxy-tor,
> but the configuration is pretty much the same.
>
> Fabian

Interesting. You used pretty much the reverse of what I was doing.
My process is something like:

1. Set up a jail with sshd
2. Install xauth, firefox, thunderbird, etc. in the jail
3. Set up ssh outside the jail to be able to connect to the jail
   and have X connections forwarded
4. Set up PF to forward all connections to Tor's TransPort,
   which is on the host system
5. Use ssh to start a program, e.g. firefox, and it appears
   on the host system's desktop

What I am having trouble with is step 4. It *looks* like PF
is working fine, but Tor doesn't see the traffic to the TransPort.
I think I have just been designing the firewall rules stupidly.
The Tor Wiki gives a different scenario so it isn't too helpful.
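The following host-side pf.conf is an added example for step 4 of the layout above (PF and Tor on the host, the applications in a jail); it is not from this thread, from either poster, or from the Tor Wiki. The interface name, the host and jail addresses and the port numbers are assumptions and have to match the real jail address and the TransPort/DNSPort lines in the host's torrc. The point it illustrates is the one most likely to produce "PF looks fine but Tor sees nothing": rdr rules only match packets entering an interface, and a jail's outbound packets never enter the host's external interface, so they have to be bounced through lo0 first.

```conf
# Added example (not from this thread): host-side /etc/pf.conf for the layout
# in step 4 above, i.e. PF and Tor on the host, Firefox etc. inside a jail.
# Interface name, addresses and ports are assumptions; adjust them to the
# real jail address and to the TransPort/DNSPort lines in the host's torrc.

ext_if     = "em0"            # assumed external interface of the host
host_ip    = "192.168.1.10"   # assumed primary address of the host
jail_ip    = "192.168.1.50"   # assumed jail address (an alias on $ext_if)
trans_port = "9040"           # assumed Tor TransPort, listening on 127.0.0.1
dns_port   = "9053"           # assumed Tor DNSPort, listening on 127.0.0.1

# Destinations that must stay direct: loopback plus the host itself, so the
# ssh/X11 session from the host into the jail is not redirected into Tor.
# A table is used because "to !{ a, b }" expands to two rules and does not
# mean "neither a nor b".
table <local> const { 127.0.0.0/8, $host_ip }

# Translation rules are matched against packets ENTERING an interface.
# A jail's processes run in the host kernel, so their outbound packets only
# ever LEAVE $ext_if, and an "rdr on $ext_if" never sees them; that is the
# usual reason PF looks fine while Tor sees no connections on TransPort.
# The route-to rules further down bounce the jail's traffic through lo0,
# where these rdr rules catch it and rewrite the destination to Tor.
rdr pass on lo0 inet proto tcp from $jail_ip to !<local> \
    -> 127.0.0.1 port $trans_port
rdr pass on lo0 inet proto udp from $jail_ip to !<local> port 53 \
    -> 127.0.0.1 port $dns_port

# Re-inject the jail's outbound TCP and DNS via lo0 so the rdr rules apply.
pass out quick on $ext_if route-to lo0 inet proto tcp \
    from $jail_ip to !<local>
pass out quick on $ext_if route-to lo0 inet proto udp \
    from $jail_ip to !<local> port 53

# Everything else the jail tries to send to the network (other UDP, ICMP)
# is dropped and logged, so a proxy bypass shows up on pflog0 instead of
# leaving the machine.
block drop out log quick on $ext_if from $jail_ip
```

Load it with `pfctl -f /etc/pf.conf` and then start Firefox in the jail: `pfctl -s state` should show the jail's connections with a translated destination of `127.0.0.1:9040`, and Tor's log (at notice level) starts reporting circuits being built. Anything the block rule catches can be watched with `tcpdump -n -e -ttt -i pflog0`, which is the quickest way to spot an application that bypasses the proxy. The jail's /etc/resolv.conf must name a resolver outside the `<local>` table (any routable address will do, it is never reached), otherwise the UDP 53 redirection does not apply and DNS queries are simply dropped. One detail from Fabian's reply carries over: on FreeBSD the process that accepts the redirected connections (Tor's TransPort, or trans-proxy-tor) recovers the original destination by querying PF through /dev/pf, so in the reversed layout where that process itself lives in a jail the device has to be unhidden with a devfs.rules entry, which is what his blog post's example does.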