Question: Hidden Services, Virtual Machines, and iptables

Ringo 2600denver at gmail.com
Wed Jul 8 05:38:52 UTC 2009


That's a good solution, but it sounds like it would take lots of
memory/cpu, especially if you're running both of these VMs from an
encrypted partition. If a serious exploit was found in Tor (or
implemented in Tor), it would still be able to break out of the main VM,
but at least it still wouldn't have a real IP address.

I still feel like there's got to be a simpler way to do this.

Ringo


coderman wrote:
> On Tue, Jul 7, 2009 at 6:10 PM, Ringo<2600denver at gmail.com> wrote:
>> ...
>> One could.. run Tor inside the vm and have that torrc contain the
>> instructions for the hidden service. The problem then, is that the vm
>> has to access the web. ...
>>
>> Of course, one could always run a hidden service on the host machine and
>> then redirect all traffic to the vm, but the pitfalls in this are
>> obvious....
>> Does anybody have any solutions to this dilemma or thoughts on ways to
>> restructure the model so this isn't a problem?
> 
> in such a configuration i prefer to use two virtual machines.
> 
> one vm has host-only networking to serve hidden service content.
> 
> second vm hosts Tor router with hidden service pointed at vm host.
> 
> host uses iptables redirect and/or tcp proxy to connect hidden service
> connections from Tor VM to hidden service VM port at host-only
> endpoint.
> 
> (there are variations on this theme...)
> 
> best regards,
> 
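The host-side plumbing coderman sketches (Tor router VM, host-only hidden-service VM, iptables redirect on the host) as a concrete configuration. This is an added example, not code from the thread or from the Tor project; the interface name vboxnet0, the 192.168.56.0/24 addresses and the ports 8080/80 are assumed values for a VirtualBox-style host-only network and must be adjusted to the real setup.

```shell
#!/bin/sh
# Added example (not from the thread): host-side configuration for the
# two-VM layout. All addresses, interface names and ports below are
# assumed/constructed; adjust them to the real host-only network.
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"     # host-only interface on the host
HOST_IP="${HOST_IP:-192.168.56.1}"         # host's address on that interface
TOR_VM="${TOR_VM:-192.168.56.10}"          # Tor router VM (also has a NAT/bridged uplink)
HS_VM="${HS_VM:-192.168.56.20}"            # hidden-service VM, host-only adapter only
HOST_PORT="${HOST_PORT:-8080}"             # port the Tor VM's torrc points at on the host
HS_PORT="${HS_PORT:-80}"                   # port the web server listens on inside HS_VM

# torrc lines for the Tor VM: the onion service's virtual port 80 is mapped
# to the host, not to the hidden-service VM, so the Tor VM never needs to
# know where the content actually lives.
torrc_fragment() {
    printf 'HiddenServiceDir /var/lib/tor/hidden_service/\n'
    printf 'HiddenServicePort 80 %s:%s\n' "$HOST_IP" "$HOST_PORT"
}

# iptables-restore ruleset for the host.
#  - nat/PREROUTING: DNAT only the Tor VM's connections to HOST_IP:HOST_PORT
#    onto HS_VM:HS_PORT.
#  - nat/POSTROUTING: SNAT those connections to HOST_IP. Both VMs sit on the
#    same host-only segment, so without this the HS VM would answer the
#    Tor VM directly, the host would never see the replies, and the DNAT
#    could not be reversed (the classic hairpin-NAT failure).
#  - filter/FORWARD: default DROP; the host forwards nothing except that one
#    flow and its replies, so the hidden-service VM cannot reach the Tor VM,
#    the host's uplink, or anything else through the host.
ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $HOSTONLY_IF -s $TOR_VM -d $HOST_IP -p tcp --dport $HOST_PORT -j DNAT --to-destination $HS_VM:$HS_PORT
-A POSTROUTING -o $HOSTONLY_IF -s $TOR_VM -d $HS_VM -p tcp --dport $HS_PORT -j SNAT --to-source $HOST_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $HOSTONLY_IF -o $HOSTONLY_IF -s $TOR_VM -d $HS_VM -p tcp --dport $HS_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the ruleset. iptables-restore replaces the whole nat and filter
# tables; merge by hand if the host already carries other rules.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ruleset | iptables-restore
}

# Only touch the live firewall when explicitly asked:  sh thisfile.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run without arguments the script only defines the functions, so `ruleset` and `torrc_fragment` can be inspected first; `sh thisfile.sh apply` enables forwarding and loads the tables. The SNAT line is the part most often forgotten when both VMs share one host-only segment; coderman's alternative of a userspace TCP proxy on the host listening on HOST_PORT and connecting to HS_VM:HS_PORT sidesteps the hairpin problem at the cost of a second process. Either way the FORWARD default of DROP is what keeps the hidden-service VM from originating traffic anywhere through the host.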



More information about the tor-talk mailing list