[tor-talk] corridor, a Tor traffic whitelisting gateway
Sebastian G. <bastik.tor>
bastik.tor at googlemail.com
Fri Feb 14 16:40:01 UTC 2014
14.02.2014 15:12, Rusty Bird:
> ## Principle of operation
>
> 1. Either run the corridor-data-consensus daemon script, which opens a
> Tor control connection and subscribes to NEWCONSENSUS events
> (announcements listing all public relays), or pipe any number of
> "Bridge" lines into corridor-data-bridges.
> 2. That data gets sent to corridor-helper-update, which atomically
> updates a Linux ipset (a list of IP-address:TCP-port entries accessible
> in constant time) named tor_relays.
Atomically is anatomically acceptable, but automatically appears to be
adequate.
(There's a spelling mistake and playing with words is fun. The sentence
is full of a's for that purpose.)
>
> ## Pitfalls
>
> **To be secure, your new gateway needs two separate network
> interfaces**, like two Ethernet NICs, or one WiFi radio and one DSL
> modem. One is to receive incoming traffic from client computers, the
> other one is to pass the filtered traffic towards the global internet,
> **and they need to be on different networks**: Clients must not be able
> to take a shortcut via DHCP, DNS, ICMP Redirect requests, and who knows
> what else.
Isn't this the most limiting factor?
How many systems have two separate networks? (Network interfaces might
be easier to achieve.)
Regards,
Sebastian G. (bastik)
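The update step Rusty Bird quotes above (feed "Bridge" lines in, replace the tor_relays ipset atomically), as an added example that is not corridor's own code: a shell function that turns torrc-style Bridge lines into an `ipset restore` stream, filling a temporary set and swapping it into place so the live set is never seen half-populated. The `_tmp` set name, the hash:ip,port set type and the sample Bridge lines are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Read torrc-style "Bridge" lines on stdin (with or without a pluggable
# transport name) and emit an `ipset restore` stream: create the live set
# and a temporary set, fill the temporary one, then swap and destroy.
# The swap is a single kernel operation, so the firewall rule that
# matches on the live set never observes a partially filled list.
# Feed the output to `ipset -exist restore` so the create lines are
# harmless when the sets already exist. Set name "tor_relays" is from
# the thread; the "_tmp" suffix and hash:ip,port type are assumptions.
bridges_to_ipset_restore() {
    set_name="${1:-tor_relays}"
    tmp_set="${set_name}_tmp"
    printf 'create %s hash:ip,port family inet\n' "$set_name"
    printf 'create %s hash:ip,port family inet\n' "$tmp_set"
    printf 'flush %s\n' "$tmp_set"
    # For each Bridge line, take the first field shaped like a.b.c.d:port.
    # IPv6 bridges ([addr]:port) are skipped: this set is family inet.
    awk -v set="$tmp_set" '
        $1 == "Bridge" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) {
                    split($i, hp, ":")
                    printf "add %s %s,tcp:%s\n", set, hp[1], hp[2]
                    break
                }
            }
        }'
    printf 'swap %s %s\n' "$tmp_set" "$set_name"
    printf 'destroy %s\n' "$tmp_set"
}

# Constructed sample input: RFC 5737 documentation addresses and made-up
# fingerprints; one IPv6 line and one non-Bridge line to show what is ignored.
SAMPLE_BRIDGES='Bridge obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 cert=constructed iat-mode=0
Bridge 198.51.100.7:9001 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Bridge obfs4 [2001:db8::5]:443 FEDCBA9876543210FEDCBA9876543210FEDCBA98 iat-mode=0
UseBridges 1'

# Stand-alone demo: print the restore stream for the sample lines.
printf '%s\n' "$SAMPLE_BRIDGES" | bridges_to_ipset_restore
```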