"Firewall"
by aiwl01 - November 21, 2020 at 04:20 PM
#1
Hello!

I have set up 2 virtual machines (A and B).

A is the one I'm working with. A has only one network interface, which is connected to B.

B is a Linux server with ip_forward = 1 and two network interfaces. One goes to A and the other one is connected to the internet.

I would like to filter traffic on B. How could I drop all connections from A which are not transmitted with TOR? Is this possible with iptables?
Reply
#2
Just use Whonix, mate! All done for you, and many more improvements!

https://www.whonix.org
Reply
#3
(December 03, 2020 at 03:30 PM)peterx1 Wrote: Just use Whonix, mate! All done for you, and many more improvements!

https://www.whonix.org

I'm using Tails, which should be the same (I guess?).

But I want to code something and configure some stuff. If there is a misconfig, or someone finds a vulnerability in Tails which breaks the TOR proxy usage, I want to have a "Firewall" which stops it.
Reply
#4
Whonix is better for your use case. Tails is more anti-forensic, amnesic.
Whonix uses two virtual machines: one gateway and one workstation. You do all your work in the workstation and everything is routed to the gateway and to Tor. When you work in the workstation, no DNS or IP leaks are possible if you get hacked or somehow compromised.
Look here:
https://www.schneier.com/blog/archives/2...elped.html
https://www.whonix.org/wiki/Comparison_with_Others
Reply
#5
(December 03, 2020 at 07:14 PM)peterx1 Wrote: Whonix is better for your use case. Tails is more anti-forensic, amnesic.
Whonix uses two virtual machines: one gateway and one workstation. You do all your work in the workstation and everything is routed to the gateway and to Tor. When you work in the workstation, no DNS or IP leaks are possible if you get hacked or somehow compromised.
Look here:
https://www.schneier.com/blog/archives/2...elped.html
https://www.whonix.org/wiki/Comparison_with_Others

Thx, sounds like it fits my use case. I will look at it :D
Reply
#6
Thanks for that info, will check Whonix.
Reply
#7
(December 03, 2020 at 07:14 PM)peterx1 Wrote: Whonix is better for your use case. Tails is more anti-forensic, amnesic.
Whonix uses two virtual machines: one gateway and one workstation. You do all your work in the workstation and everything is routed to the gateway and to Tor. When you work in the workstation, no DNS or IP leaks are possible if you get hacked or somehow compromised.
Look here:
https://www.schneier.com/blog/archives/2...elped.html
https://www.whonix.org/wiki/Comparison_with_Others

Finally, I read all of the documentation and it's pretty much the same architecture I was thinking about :D

Thanks for the advice :D
Reply
#8
You can create VLANs or a network namespace for every VM.
Reply
#9
I'm guessing probably... (Don't know how.) I would be worried tables could be accidentally flushed, or something else happening.

If your goal is to make sure the Tor machine doesn't touch the net... but you want it on the net, I would consider running a VM inside of another machine. (Like setting up Debian under Hyper-V on Windows, though there are probably better / more secure VM solutions.) Then when you set up the net for the VM, just make it use localhost.

You could maybe achieve the same thing with docker containers/kubernetes? I dunno.
Reply
#10
(November 21, 2020 at 04:20 PM)aiwl01 Wrote: Hello!

I have set up 2 virtual machines (A and B).

A is the one I'm working with. A has only one network interface, which is connected to B.

B is a Linux server with ip_forward = 1 and two network interfaces. One goes to A and the other one is connected to the internet.

I would like to filter traffic on B. How could I drop all connections from A which are not transmitted with TOR? Is this possible with iptables?

Darren Kitchen from Hak5 has a video about creating a VPN firewall with a Pineapple AP. The iptables firewall rules he uses to kill the connection if the VPN drops can probably be used with the Tor connection instead of a VPN tunnel. Sorry, I don't remember much about the video other than it was like 2 iptables commands that you can write a simple bash script for on that VM.
Reply