[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Question: Hidden Services, Virtual Machines, and iptables

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Question: Hidden Services, Virtual Machines, and iptables
From: Niels Elgaard Larsen <elgaard@xxxxxxx>
Date: Wed, 08 Jul 2009 10:30:47 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 08 Jul 2009 04:32:26 -0400
In-reply-to: <4A53F223.8050304@xxxxxxxxx>
References: <4A53F223.8050304@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090701)

Ringo wrote:
> Hey Tor users,
> 
> My work to write a how-to manual for setting up and securing hidden
> services is well underway, but I've got a question that's been getting
> at me.
> 
> Obviously, hidden services are the 'most secure' when they're run inside
> a virtual machine (qemu, vmware, etc. pick your poison). One could
> certainly run Tor inside the vm and then have that torrc contain the
> instructions for the hidden service. The problem then, is that the vm
> has to access the web. We would only want the vm accessing the web IF it
> was going through Tor, but we wouldn't want to just route all vm traffic
> through the host's Tor client because then you could be running Tor...
> over Tor.

You could use a live-cd instead of a VM.

as coderman suggest owner match is probably the simplest

if you have an extra IP address you could assign it to the VM and match on it.

We have been considering adding something like this to our live-CD. The problem of course
is dealing with NAT.

References:
- Question: Hidden Services, Virtual Machines, and iptables
  - From: Ringo

Prev by Author: Re: Safe destinations
Next by Author: How to set time.
Previous by thread: Re: Question: Hidden Services, Virtual Machines, and iptables
Next by thread: unsubscribe or-talk
Index(es):
- Author
- Thread