On 2016-12-18 11:41, Arne Babenhauserheide wrote:
[email protected] writes:
* Whonix Gateway is a separate VM that forces all traffic thru any
anonymous network of choice
* Whonix Workstation - The untrusted VM where users run applications
configured with safe defaults that can only access the network via a
virtual isolated NIC connected only to Whonix Gateway.
For this to work with Freenet we need to make sure that:
* Freenet on the the Gateway can be locked down preventing malicious
commands from affecting its configuration.
Freenet has a "public gateway" mode which limits the amount of changes
the user can do to the Freenet instance.
* Public gateway mode? (Only applies to allowed but non-full-access
connections)
Should we enable public gateway mode? For IPs which are allowed to
access Freenet, but are not allowed full access, this option disables
the download queue and anything else that might conceivably be abused
to attack the Freenet node, while still allowing browsing
freesites. They will also only see the default bookmarks, not your
bookmarks. IP addresses with full access will be allowed to configure
the node. You will still need to configure allowed addresses and bind
address to get a true public gateway; you should do this after
restarting.
Nice. Though we wouldn't allow even we-browsing via fproxy either - just
a minimal network interface to make connections via the gateway node.
More on this below.
→ http://127.0.0.1:8888/config/fproxy?fproxyAdvancedMode=2
* Hosts allowed full access
IP addresses which are allowed full access to your Freenet
node. Clients on these IPs may restart Freenet, reconfigure it,
etc. Note that ALL clients are allowed to do direct disk I/O!
→ http://127.0.0.1:8888/config/fcp?fproxyAdvancedMode=2
For our purposes we would never need to allow full access to any host
since a user can administer it from the gateway's VM GUI console.
* A second Freenet instance in the Workstation is running in a dummy
mode thats used to run Freenet plugins/applications and connects via
the
Gateway Freenet to make network requests while any data is cached only
on the workstation.
Sounds good.
You can either connect the second instance to the workstation via
friend-to-friend mode (this won’t be very fast, though, since load
balancing will give you only a fair fraction of the bandwidth of the
gateway), or you can SSH-forward the FCP and web port of the gateway to
the local system (this is what I do: Freenet runs on my homeserver and
the local system only gets the ports via SSH). Then the applications
can
run on the local system (but plugins still run on the gateway).
In principle the F2F way seems closest to what we need. Though it has
the downsides of limited performance and probably complicated to
automate since a noderef needs to be exchanged out of band first. I'm
thinking some of Freenet supporting an explicit 'proxy mode' where it
would provide a SOCKS interface for Freenet on the workstation to use
for outbound connections.
The SSH method is not really desirable since it would increase the
gateway's attack surface and we stick to running the absolute minimum of
network listening processes on there.
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
