> OK, it's the original poster here.
> The consensus so far is that anything I run inside sys-net should be
> vulnerable, and that it is advised not to run programs in sys-net.
>
> So, in this case, how am I supposed to run my Ethernet Tor hotspot..?

I think you're going to have to be more specific about what "ethernet tor
hotspot" means.  Hotspots are typically publicly accessible WiFi internet
access points.  ("Ethernet" to me implies wired, so hotspot makes a bit
less sense.)

> I had somebody write me a script that lets Qubes connect by WiFi to my
> home router, and then serve out an Ethernet hotspot that runs everything
> through Tor.
> The program works fine, but yes, it does run within sys-net.

"serve out an ethernet hotspot" and "runs everything through tor" are
confusing phrases to me.  Are you running a Tor Relay?  Or a WiFi hotspot
that sends things through Tor?  Again, if you're more specific about what
you're doing, you'll get better responses.

If you are running a network-facing service, such as a WiFi hotspot or a
gateway into your system for yourself, sys-net would indeed be a
reasonable place to locate such a service.

At the very least, if you're handling incoming connections, you'll need
some port forwarding in sys-net to another VM that provides the service.

If you are running a WiFi hotspot that forwards things through the Tor
network, I'd run tor in another VM and forward the requests from sys-net
with iptables.  Tor isn't exactly a monster, but it's certainly a hacking
target for NSA and organized crooks, so I'd lean towards having it out of
sys-net.

Frankly, if you're just looking for a good personal VPN style thing, I'd
take a closer look at that streisand link I posted earlier, and leave your
personal home Qubes system out of it.  $5/mo for a server to run streisand
to eliminate incoming connections on your home system, is well worth it.

Unless I completely misunderstand what you're trying to achieve, which is
entirely possible.

JJ
