--- On Thu, 6/2/11, cac...@quantum-sci.com <cac...@quantum-sci.com> wrote:
> For those interested, so far my best idea is running the > daemon in a VirtualBox VM running SELinux as guest, and > bridged to the outside. This should substantially > solve most problems except membership in the local > LAN. I don't think that this would make for a best practice, I think that a linux lxc should be encouraged instead, it is way more efficient. > If only consumer-grade routers had VLan, although routers > aren't necessarily secure. Maybe a switch on the WAN > side of the router, to flange the LAN and Tor interface > together in a class C different from the LAN. As fir isolation, I think that a best practice should use iptable rules. But if you want to go the cheap hardware route, buy a $5/15 nic and add it to your box and plug that nic into your modem's DMZ port, most of them have one. -Martin _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk