TOR Breakout Prevention (Poor Man's Solution)

The idea here is to build a virtual machine (the access VM) that can only connect to a second VM (the router, or gateway) which is running TOR. With this you can a) run risky things like Flash, JavaScript, etc. with impunity, and b) even if someone hacks you (through your web browser, or through a hidden service you run on that VM) and gets root on the access VM, they still won't be able to reach the outside world except through TOR.

I never finished this exercise because it wasn't working 100% and I didn't want to keep polishing it. It still might be useful someday. It could be combined with my OpenVPN VM Network to do stuff as well.

Here's what kept me back:

Unfinished notes:

Key point: keep the router VM very locked down. Only the TOR service (or possibly privoxy/polipo) should be reachable from the access VM. No httpd, sshd, etc.

Gateway VM

2 Ethernet Interfaces
 - Internet
 - Hypervisor segregated network

edit /etc/network/interfaces

# eth1 faces the hypervisor-segregated network; eth0 keeps the Internet connection.
# Address and netmask are example values, choose your own private range.
auto eth1
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.0

No gateway line on eth1: the default route stays on eth0 (the Internet side).
sudo service networking restart

edit /etc/tor/torrc

# Tor's SOCKS port must listen on the segregated interface so the access VM can reach it
# (10.0.0.1 is the example eth1 address from /etc/network/interfaces).
SocksPort 10.0.0.1:9050
HiddenServiceDir /home/user/servicename
# The hidden service itself runs on the access VM (no httpd on the gateway);
# 10.0.0.2 is an example address for the access VM.
HiddenServicePort 80 10.0.0.2:80

Access VM

edit /etc/privoxy/config (privoxy on the access VM hands every request to TOR's SOCKS port on the gateway; 10.0.0.1:9050 is the example gateway address and SocksPort from the gateway config)

forward-socks5   /   10.0.0.1:9050   .
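The two lock-down properties these notes rely on (the gateway exposes nothing but TOR's SOCKS port to the segregated network, and the access VM has no route to anywhere except the gateway) are easy to get subtly wrong, so here is an added example, not part of the original notes, that generates a gateway firewall policy and checks an access VM's routing table. Interface names (eth0/eth1), the tor daemon's user (debian-tor), and port 9050 are assumptions; the owner-match rule that lets only the tor user reach the Internet goes beyond what the notes describe and is the usual way to stop a compromised process on the gateway itself from bypassing TOR.

```shell
#!/bin/sh
# Added example (not part of the original notes): Tor-only firewall policy for
# the gateway VM plus a routing-table check for the access VM.
# Interface names, the tor daemon's user and the port number are assumptions.

EXT_IF=eth0          # assumption: Internet-facing interface on the gateway
INT_IF=eth1          # assumption: hypervisor-segregated interface on the gateway
TOR_SOCKS=9050       # assumption: the SocksPort torrc binds on $INT_IF
TOR_USER=debian-tor  # assumption: account the tor daemon runs as (Debian default)

# Emit iptables commands that allow exactly one thing in from the segregated
# network (Tor's SOCKS port), forbid routing between the two interfaces, and
# let only the tor daemon's own user open connections to the Internet.
gen_gateway_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INT_IF -p tcp --dport $TOR_SOCKS -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXT_IF -m owner --uid-owner $TOR_USER -j ACCEPT
EOF
}

# Count the rules that open an INPUT port on the segregated interface; the
# lock-down property from the notes is that this number is exactly one.
count_internal_input_rules() {
    gen_gateway_rules | grep -c -- "-A INPUT -i $INT_IF"
}

# Return 0 (true) when the given 'ip route' output contains a default route.
# The access VM must NOT have one: the only host it can reach is the gateway,
# which sits on the same segregated subnet.
has_default_route() {
    printf '%s\n' "$1" | grep -q '^default '
}

# Usage on the gateway, as root:  gen_gateway_rules | sh
# Usage on the access VM:         has_default_route "$(ip route)" && echo "breakout route present"
```

With this policy the gateway never forwards packets (FORWARD is DROP, so no IP forwarding is needed at all), nothing but the SOCKS port answers on eth1, and no sshd or httpd is reachable from either side; administer the gateway from the hypervisor console. On the access VM, a default route appearing in `ip route` (for example one handed out by a DHCP client that was left enabled) is the symptom to watch for, since it is exactly the breakout path the setup is meant to remove.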