Hey folks,

I've implemented a TorVM service for Qubes OS [1] and I am seeking feedback from more knowledgeable eyes on the tor+iptables configuration.

Quick background to give this context: Qubes is an OS based on Xen and Linux that isolates applications to domains. Each domain is a virtual machine. Even networking takes place in virtual machines.

My TorVM configuration is essentially an anonymizing middlebox for its network client VMs. For a visual model of what this looks like see this image [2].

The relevant config is here:
https://github.com/abeluck/qubes-addons/blob/master/qubes-tor/start_tor_proxy.sh

I'm using tor-0.2.3 to take advantage of stream isolation.

Please scan the documentation for an idea of the goals of TorVM:
https://github.com/abeluck/qubes-addons/blob/master/qubes-tor/README.md

Soon I hope to provide a TorBrowser package (that doesn't use bundled tor+vidalia to prevent tor-inside-tor scenarios).

Cheers,
~abel

[1]: http://qubes-os.org
[2]: http://s15.postimage.org/xrh0rh0s9/qubes_torproxy_config.png
that image is from this blog post: http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html
(NOTE: the configuration in this blog post is not what I've implemented, see the script above)
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk