[tor-talk] Tor using KVM/bridge/iptable filters

adrelanos adrelanos at riseup.net
Fri Sep 6 16:28:13 UTC 2013


Jimmy Olson:
> Hi I am following the instructions on this page except it was wrong and the comment here fixes the problem
> 
> http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network#comment-34269
> 
> I would like a VM to use tor and be able to use flash and anything w/o leaks. My problem is I don't understand this part of linux and how to use iptables. I'd like to drop everything except TCP. I don't know what DNS lookup uses (is it TCP?) but there are plenty of other protocols besides tcp and udp http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
> 
> How do I write rules that will drop everything except TCP and route it through tor?
> 
> My other question is instead of setting up a bridge on the host machine I'd like to do it on a VM. Then have qemu/kvm use the said bridge on the VM. However I don't know how to make the host machine see the bridge. Or how to create a bridge that goes from TorGuestVM<-(->HostMachine<-)->TorHostVM
> 
> I'm open to other ways as long as I can have a VM running with qemu/kvm that cannot communicate to the internet except through tor. Which I prefer to be in its own VM but the host is ok if I must.
> 
> I have looked at qubes. Qubes and xen don't seem to work on my hardware which is a disappointment.
> 

Whonix (self-ad) does exactly this. Using VirtualBox and not KVM,
though. Iptables rules would be the same for any virtualizer. It's Open
Source, so you can see how it is implemented.
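Since the question of what the iptables rules for the "TorHostVM" gateway actually look like stays open above, here is an added example that is not from the thread and not Whonix's own ruleset. It assumes a gateway VM with two NICs (eth0 to the host/Internet, eth1 on an isolated bridge shared only with the workstation VM, address 10.152.152.10), Tor running as user debian-tor (the Debian package default), and a torrc containing `TransPort 10.152.152.10:9040` and `DNSPort 10.152.152.10:5300`. It also answers the DNS question: name lookups normally go over UDP port 53, and Tor itself only carries TCP streams, so the UDP queries are redirected to Tor's DNSPort, where Tor resolves them through the network, while every other non-TCP packet (ICMP, other UDP) simply has no rule that lets it out. The script only prints an iptables-restore ruleset unless run as root with `--apply`, so it can be inspected before it is loaded.

```shell
#!/bin/sh
# Tor gateway VM firewall (added example, not Whonix's or the thread's code).
# Emits an iptables-restore ruleset that forces all traffic arriving from the
# workstation VM on INT_IF into Tor's TransPort/DNSPort and drops everything else.
#
# Assumed layout (not given in the thread):
#   EXT_IF   eth0, towards the host / Internet
#   INT_IF   eth1, isolated bridge shared only with the workstation VM
#   GW_IP    10.152.152.10, the gateway's address on INT_IF (Tor listens here)
#   torrc:   TransPort 10.152.152.10:9040
#            DNSPort   10.152.152.10:5300
#   TOR_USER debian-tor (Debian package default)

EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5300}"
TOR_USER="${TOR_USER:-debian-tor}"

tor_gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Workstation DNS (UDP/53) -> Tor's DNSPort; Tor resolves via the network, no UDP leaves
-A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
# Every new TCP connection from the workstation -> Tor's TransPort
-A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the two redirected Tor listeners are reachable from the workstation side
-A INPUT -i $INT_IF -p tcp --dport $TRANS_PORT -j ACCEPT
-A INPUT -i $INT_IF -p udp --dport $DNS_PORT -j ACCEPT
# FORWARD stays DROP: ICMP and other UDP from the workstation have no path out
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the tor process may open outbound TCP on the external interface
-A OUTPUT -o $EXT_IF -p tcp -m owner --uid-owner $TOR_USER -j ACCEPT
COMMIT
EOF
}

# IPv6 is not carried by the redirect rules above, so block it entirely.
tor_gateway_rules_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

if [ "${1:-}" = "--apply" ]; then
    # Kernel forwarding off: packets must go through Tor's listeners, never be routed
    sysctl -w net.ipv4.ip_forward=0 >/dev/null
    tor_gateway_rules | iptables-restore
    tor_gateway_rules_v6 | ip6tables-restore
else
    tor_gateway_rules
fi
```

Run `sh tor-gateway.sh` on the gateway VM to review the ruleset, then `sh tor-gateway.sh --apply` as root. The workstation VM gets a static address on the same isolated bridge with 10.152.152.10 as its default gateway and nameserver. A quick leak check from the workstation: `dig example.com` must answer (via the DNSPort), while `ping 8.8.8.8` and `nc -u` to any host must get nothing back, because neither ICMP nor arbitrary UDP has any rule that lets it leave.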
