[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Question: Hidden Services, Virtual Machines, and iptables



That's a good solution, but it sounds like it would take lots of
memory/cpu, especially if you're running both of these VMs from an
encrypted partition. If a serious exploit was found in Tor (or
implemented in Tor), it would still be able to break out of the main VM,
but at least it still wouldn't have a real IP address.

I still feel like there's got to be a simpler way to do this.

Ringo


coderman wrote:
> On Tue, Jul 7, 2009 at 6:10 PM, Ringo<2600denver@xxxxxxxxx> wrote:
>> ...
>> One could.. run Tor inside the vm and have that torrc contain the
>> instructions for the hidden service. The problem then, is that the vm
>> has to access the web. ...
>>
>> Of course, one could always run a hidden service on the host machine and
>> then redirect all traffic to the vm, but the pitfalls in this are
>> obvious....
>> Does anybody have any solutions to this dilemma or thoughts on ways to
>> restructure the model so this isn't a problem?
> 
> in such a configuration i prefer to use two virtual machines.
> 
> one vm has host-only networking to serve hidden service content.
> 
> second vm hosts Tor router with hidden service pointed at vm host.
> 
> host uses iptables redirect and/or tcp proxy to connect hidden service
> connections from Tor VM to hidden service VM port at host-only
> endpoint.
> 
> (there are variations on this theme...)
> 
> best regards,
>