[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge

--- On Thu, 6/2/11, CACook@xxxxxxxxxxxxxxx <CACook@xxxxxxxxxxxxxxx> wrote:

> For those interested, so far my best idea is running the
> daemon in a VirtualBox VM running SELinux as guest, and
> bridged to the outside.  This should substantially
> solve most problems except membership in the local
> LAN.  

I don't think that this would make for a best practice,
I think that a linux lxc should be encouraged instead,
it is way more efficient.

> If only consumer-grade routers had VLan, although routers
> aren't necessarily secure.  Maybe a switch on the WAN
> side of the router, to flange the LAN and Tor interface
> together in a class C different from the LAN.

As fir isolation, I think that a best practice 
should use iptable rules.  But if you want to 
go the cheap hardware route, buy a $5/15 nic 
and add it to your box and plug that nic into 
your modem's DMZ port, most of them have one.


tor-talk mailing list