Jailed/sandboxed/chrooted applications

Adlesshaven adlesshaven at embarqmail.com
Fri Jan 2 18:04:38 UTC 2009


Fabian Keil wrote:
> Adlesshaven <adlesshaven at embarqmail.com> wrote:
>
>> Does anyone here jail, sandbox or chroot the applications they use with Tor?
>
> I'm running Tor and Privoxy in FreeBSD jails,
> Xorg applications (which probably pose a bigger threat)
> are running on the host system, though.
>
>> I have been trying to adapt the Wiki's transparent proxy recommendations
>> to a FreeBSD jail for the last couple weeks with no luck.
>
> I wrote about trans-proxy-tor running in a FreeBSD jail at:
> http://www.fabiankeil.de/blog-surrogat/2006/06/15/jail-experimente-mit-ezjail.html
>
> The text is in German but the only thing that really matters is
> the /etc/devfs.rules example to make /dev/pf visible in the jail.
>
> Nowadays I use Tor's TransPort option instead of trans-proxy-tor,
> but the configuration is pretty much the same.
>
> Fabian
Interesting. You used pretty much the reverse of what I was doing.
My process is something like:

1. Set up a jail with sshd
2. Install xauth, firefox, thunderbird, etc. in the jail
3. Set up ssh outside the jail to be able to connect to the jail
   and have X connections forwarded
4. Set up PF to forward all connections to Tor's TransPort,
   which is on the host system
5. Use ssh to start a program, e.g. firefox, and it appears
   on the host system's desktop

What I am having trouble with is step 4. It *looks* like PF
is working fine, but Tor doesn't see the traffic to the TransPort.
I think I have just been designing the firewall rules stupidly.
The Tor Wiki gives a different scenario so it isn't too helpful.
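An added example for step 4 (not from this thread or from the Tor Wiki), assuming constructed values: jail address 10.0.0.2, host external interface em0, and Tor on the host listening on TransPort 9040 and DNSPort 5353. The one thing worth knowing is that pf's rdr only rewrites packets arriving inbound on an interface, and traffic from a jail on the same host is locally generated, so the rules first bounce it through lo0 with route-to so the redirect can see it.

```pf
# pf.conf fragment: transparently route a jail's traffic into Tor's TransPort.
# Constructed values; adjust to your own jail address, interface and Tor ports.
ext_if     = "em0"
jail_ip    = "10.0.0.2"
tor_host   = "127.0.0.1"
trans_port = "9040"
dns_port   = "5353"

# rdr applies to packets coming *in* on an interface. Jail traffic originates
# on the host, so it would leave straight out $ext_if and never match an rdr.
# route-to lo0 sends it back through loopback, where it re-enters "in" on lo0.
pass out quick on $ext_if route-to lo0 inet proto tcp from $jail_ip to any
pass out quick on $ext_if route-to lo0 inet proto udp from $jail_ip to any port 53

# Now the redirects see the traffic: all TCP to Tor's TransPort, DNS to DNSPort.
rdr pass on lo0 inet proto tcp from $jail_ip to any -> $tor_host port $trans_port
rdr pass on lo0 inet proto udp from $jail_ip to any port 53 -> $tor_host port $dns_port

# Anything else from the jail (ICMP, other UDP) must never reach the network;
# a silent drop keeps the jail from leaking traffic around Tor.
block drop out quick on $ext_if from $jail_ip to any
```

Check the result with `pfctl -s nat` and `pfctl -s rules` to confirm the rdr and route-to rules loaded, then watch Tor's log (or `sockstat -4 -l`) to confirm connections from the jail arrive on the TransPort.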