On Fri, May 27, 2011 at 06:44:36AM -0700, [email protected] wrote: > On Thursday 26 May, 2011 06:44:19 [email protected] wrote: > > On Thursday 26 May, 2011 05:37:06 Eugen Leitl wrote: > > > Why don't you like Linux vserver? My relay did some 350 GByte/day, > > > in a vserver guest on a low-end Atom box. > > > > It must necessarily share the network setup with the host, and so the LAN > > class C since I can't set up the router downstream with multiple IPs. Not > > secure. Also it would have the same firewall settings, and that is not > > acceptable either. > > So nobody's actually thought about security for a relay > and the need for a relay to be in the same class C as > the LAN in order to access the router? What can be done?
Your setup is unusual. One is typically using nonpublic addresses for guests and physical machines, and maps subnets and/or ports to inside. Separating traffic into VLANs. In general having a lot more control of the hardware layer. I don't know why you say Class C, everything is CIDR now. -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
