> > You do not mention the threats you worry about and assets > > you care about (thread model + security requirements). > > Yes that's because I don't know what threats there may be. > I am a user, I don't have an MS in Computer Science. > For example I don't understand, "maps subnets and/or ports > to inside. Separating traffic into VLANs. In general > having a lot more control of the hardware layer." > > What good is this if users can't secure their own machine > effectively? Why set up a relay if my own machine could > be compromised? No wonder you have a hard time > recruiting relays, much less exit points. I guess the > coyness here is for some good reason, but it's not doing > the cause any good. Looks like I have to give up on a relay.
Well, it appears that you do have a threat model in mind. It seems that you are concerned with people using your relay to attack your local machines. Those are valid concerns, that is the threat model you are hoping to get advice against. You have received some advice against it, but you do not appear to understand this advice, which is fine, please ask more questions then. I think that your concerns are valuable, they often concern me also, and I am sometimes surprised that others are not concerned about this on their home networks. I agree that the tor project could provide some more advice on dealing with this. I suspect the reason that you don't see this is because either most people assume it is just too hard, or to those for whom it is not too hard, they just know how todo it and think that it will be too hard to explain to others (with good reason). Nevertheless, it might be worth trying. > Nevertheless it is still necessary to share 192.168.*.* > with the local LAN. I want to avoid this The reason you want to avoid this I suspect is because you want to prevent someone from owning your relay, and then attacking the rest of your network from inside your local hardware firewall (likely a DSL or cable modem)? Is that correct? The solution that I suggested with vservers will allow you to prevent local network snooping (eavesdropping on packets not intended for you vserver), but it will not prevent your vserver from directly attempting to communicate with other machines (including your host) inside your firewall unless additional rules are added to your host, likely using iptables or something like this. Using lxc you would likely want those same rules, but perhaps you would need more to prevent eavesdropping. It would be nice is someone who has done this could help write a guide to do this. If no one has done this yet, I think that it would be valuable, and perhaps it should even become recommended practice eventually. Just my .02 cents, -Martin _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
