[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Question: Hidden Services, Virtual Machines, and iptables



Ringo wrote:
> Hey Tor users,
> 
> My work to write a how-to manual for setting up and securing hidden
> services is well underway, but I've got a question that's been getting
> at me.
> 
> Obviously, hidden services are the 'most secure' when they're run inside
> a virtual machine (qemu, vmware, etc. pick your poison). One could
> certainly run Tor inside the vm and then have that torrc contain the
> instructions for the hidden service. The problem then, is that the vm
> has to access the web. We would only want the vm accessing the web IF it
> was going through Tor, but we wouldn't want to just route all vm traffic
> through the host's Tor client because then you could be running Tor...
> over Tor.

You could use a live-cd instead of a VM.

as coderman suggest owner match is probably the simplest

if you have an extra IP address you could assign it to the VM and match on it.

We have been considering adding something like this to our live-CD. The problem of course
is dealing with NAT.