As the router for a VirtualBox internal network, ra's Tor gateway VM <http://ra.fnord.at/> does basically what you describe. You could route that to a physical NIC on the host. Or you could replicate the setup in a Soekris etc box. JanusVM <http://janusvm.com/> might also work for you. Basically, it's a VM running Tor that you access through an OpenVPN tunnel.
On 07/08/11 12:47, Robin Kipp wrote:
> Hi all,
> so, I've been browsing the web using Tor for some time now, and I have to say
> that, at least with the circuit I am currently using, I'm quite impressed
> with the performance, especially since I'm only connected through a 3g ap at
> the moment! So, I've had a look around the Torproject site and reading up on
> how it all works and what safeguarding should be performed in order to stay
> secure. So, I was thinking, how could I get all the systems that are part of
> my own home network to access the web securely and anonymously? Well, I came
> up with the following idea, and since some of you guys may have tried this,
> was wondering if this would be practicable:
> on my network, all devices are behind a hardware firewall that performs NAT
> and packet filtering for viruses and other malicious stuff (UTM). The
> firewall acts as the DHCP within the network, and its WAN port is connected
> to my router which only handles internet connections. So far for my current
> network topology. Now, I was thinking of adding another gateway here. My idea
> was to take an embedded PC (e.g. a Soekris box) and installing a distribution
> such as Debian on its memory. Then, a DHCP could first be set up on this box.
> Using iptables, network interface routing could be configured, so that
> traffic arriving at the LAN network interfaces would be routed to one exit
> point, the WAN interface. So, at this stage, the DHCP on the Debian machine
> would assign IPs to clients connected to the LAN ports, and all traffic
> arriving at these ports would be redirected to one port which would be the
> WAN. Now, this box could, for example, be connected in between the firewall
> and the router. So, the firewall would receive an IP from the Debian box,
> and all network clients would still be behind the firewall.
> So then, when a client wants to
> access the internet, it would first go through the firewall, from the
> firewall to the Debian box and from there to the router and the web. Now, the
> Debian box would have to route all connections through the Tor network. I
> guess Polipo could be set up on the Debian box so that it will route all
> outgoing connections through the Tor network. In this case, all traffic
> passing through the box would be anonymized on the fly. However, some other
> steps would have to be taken. For example, I guess it would be wise to
> implement functionality such as offered by the SSL Everywhere Firefox
> extension, so that SSL would automatically be enabled on as many sites as
> possible. Also, it probably would be better to configure Polipo to reject any
> Cookies, Java Applets, Flash and anything else that could compromise
> security. As such limitations would also limit "comfortable" browsing, I
> guess various modes could be
> designed, such as a safe mode (fully anonymized), a restrictive mode (not
> everything is blocked, thus potential security risks exist) and a
> non-restrictive mode (all traffic is routed through Tor, however no packet
> filtering is performed - most convenient but also most insecure). Also, both
> safe and restrictive mode could perform things such as browser-header
> obfuscation, geo-data obfuscation, etc. Sure, such concepts would probably
> take some time and work in order to make everything work. Therefore, I
> wondered if someone might be working on such a task already and if not, if
> this would be a project which would make sense, and which would be worth
> putting some effort into. I guess my idea probably isn't new to most people
> dealing with Tor and secure networking, but I'm wondering if such a platform
> already exists. I definitely will be working on this once I get back home, as
> I think such an undertaking would be quite useful to me personally!
> Robin
> _______________________________________________
> tor-talk mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
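The gateway idea discussed in this thread, sketched as an added example that is not part of either message: a shell function that emits an `iptables-restore` ruleset for the Debian box, using Tor's `TransPort`/`DNSPort` in place of the Polipo setup the original post suggests. The interface name, addresses and ports are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed torrc on the gateway box:
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1
#   TransPort 192.168.42.1:9040
#   DNSPort 192.168.42.1:5353
# gen_tor_gateway_rules LAN_IF GATEWAY_LAN_IP TRANS_PORT DNS_PORT
gen_tor_gateway_rules() {
    lan_if=$1; gw_ip=$2; trans_port=$3; dns_port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Client DNS goes to Tor's DNSPort so lookups never reach the ISP resolver.
-A PREROUTING -i $lan_if -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# SSH to the gateway itself is left alone for administration (assumption).
-A PREROUTING -i $lan_if -d $gw_ip -p tcp --dport 22 -j ACCEPT
# Every other new TCP connection from the LAN is handed to Tor's TransPort.
-A PREROUTING -i $lan_if -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT DROP [0:0]
# Nothing is ever forwarded: UDP, ICMP and anything Tor cannot carry is
# dropped instead of leaking out of the WAN interface in the clear.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests from LAN clients (the box is the DHCP server in this design).
-A INPUT -i $lan_if -p udp --dport 67 -j ACCEPT
# Redirected DNS and TCP arrive on the local Tor listener ports.
-A INPUT -i $lan_if -p udp --dport $dns_port -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport $trans_port -j ACCEPT
-A INPUT -i $lan_if -d $gw_ip -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed layout; pipe into iptables-restore to load.
gen_tor_gateway_rules eth1 192.168.42.1 9040 5353
```

Rules like these only move packets into Tor; cookies, browser headers and plugins, which the original post also raises, still identify a client at the application layer and are not addressed by the gateway.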
