> OK, it's the original poster here. > The consensus so far is that anything I run inside sys-net should be > vulnerable, and that it is advised not to run programs in sys-net. > > So, in this case, how am I supposed to run my Ethernet Tor hotspot..?
I think you're going to have be more specific about what "ethernet tor hostpot" means. Hotspots are typically publicly accessible WiFi internet access points. ("Ethernet" to me implies wired, so hotspot makes a bit less sense.) > I had somebody write me a script that lets Qubes connect by WiFi to my > home router, and then serve out an Ethernet hotspot that runs everything > through Tor. > The program works fine, but yes, it does run within sys-net. "serve out an ethernet hotspot" and "runs everything through tor" are confusing phrases to me. Are you running a Tor Relay? Or a Wifi hotspot that sends things through Tor? Again, if you're more specific about what you're doing, you'll get better responses. If you are running a network-facing service, such as a WiFi hotspot or a gateway into your system for yourself, sys-net would indeed be a reasonable place locate such a service. At the very least, if you're handling incoming connections, you'll need some port forwarding in sys-net to another VM that provides the service. If you are running a WiFi hotspot that forwards things through the Tor network, I'd run tor in another VM and forward the requests from sys-net with iptables. Tor isn't exactly a monster, but it's certainly a hacking target for NSA and organized crooks, so I'd lean towards having it out of sys-net. Frankly, if you're just looking for a good personal VPN style thing, I'd take a closer look at that streisand link I posted earlier, and leave your personal home Qubes system out of it. $5/mo for a server to run streisand to eliminate incoming connections on your home system, is well worth it. Unless I completely misunderstand what you're trying to achieve, which is entirely possible. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1eeeb93551d30e346fd18edf451df272.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.