TOR Breakout Prevention (Poor Man's Solution)

The idea here is to make a virtual machine that can only connect to another VM (the router), which is running TOR. With this you could (a) run dangerous apps like Flash, JavaScript, etc. with impunity, and (b) even if someone hacks you (through your web browser, or through a hidden service you are running on it) and gets root access to your system (the VM), they won't be able to connect to the outside world.

I never finished this exercise because it wasn't working 100% and I didn't want to keep polishing it. It still might be useful someday. Could be combined with my OpenVPN VM Network to do stuff as well.

Here's what kept me back:

Unfinished notes:

Key point: keep the router VM very locked down. Only the TOR service (or possibly privoxy/polipo) should be accessible. No httpd, sshd, etc.

Gateway VM

2 Ethernet Interfaces
 - Internet
 - Hypervisor segregated network

Setup:
edit /etc/network/interfaces

# eth1 is the hypervisor segregated network; eth0 (Internet side) keeps its
# normal config. Deliberately no "gateway" line here.
auto eth1
iface eth1 inet static
    address 10.34.100.2
    network 10.34.100.0
    netmask 255.255.255.0

No gateway.
sudo service networking restart

edit /etc/tor/torrc
# Listen for SOCKS only on the segregated interface, never on the Internet side.
# (SocksListenAddress is deprecated; SocksPort with an address:port replaces it.)
SocksPort 10.34.100.2:9050

# The hidden service is terminated by TOR on the gateway and forwarded to the
# web server on the Access VM.
HiddenServiceDir /home/user/servicename
HiddenServicePort 80 10.34.100.3:80



Access VM

edit the privoxy config (/etc/privoxy/config on Debian)
# There is no TOR on this VM, so 127.0.0.1:9050 would fail; send everything
# to the gateway VM's SOCKS port on the segregated network instead.
forward-socks5   /               10.34.100.2:9050 .
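Added here as a check to run on the Access VM (example code, not part of the original notes): it opens a stream through the gateway's TOR SOCKS port using a hostname-type SOCKS5 CONNECT, so name resolution happens inside TOR rather than on the Access VM, and confirms that a direct connection attempt fails, as the segregated network with no gateway should make it. It assumes the gateway address and port above (10.34.100.2:9050); check.torproject.org and 1.1.1.1 are only example destinations.

```python
import socket
import struct

# Gateway SOCKS address from the notes above; TEST_DEST is a constructed example.
GATEWAY_SOCKS = ("10.34.100.2", 9050)
TEST_DEST = ("check.torproject.org", 443)
SOCKS5_REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
                     3: "network unreachable", 4: "host unreachable", 5: "connection refused",
                     6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def socks5_connect_request(host, port):
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): the gateway's TOR resolves
    the name, so the Access VM never issues a DNS query that could leak."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_socks5_reply(data):
    """Return (ok, text) for a CONNECT reply; short or non-v5 data is rejected."""
    if len(data) < 2 or data[0] != 0x05:
        return False, "malformed reply"
    return data[1] == 0x00, SOCKS5_REPLY_TEXT.get(data[1], "unknown reply %d" % data[1])

def tor_connect(dest=TEST_DEST, proxy=GATEWAY_SOCKS, timeout=10):
    """Open a TCP stream to dest through the gateway's TOR SOCKS port."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")                  # greeting: one method, no auth
    if s.recv(2) != b"\x05\x00":
        s.close()
        raise OSError("gateway did not accept no-auth SOCKS5")
    s.sendall(socks5_connect_request(*dest))
    ok, text = parse_socks5_reply(s.recv(262))  # longest reply: 4+1+255+2 bytes
    if not ok:
        s.close()
        raise OSError("TOR CONNECT failed: " + text)
    return s

def direct_egress_blocked(dest, timeout=5):
    """True when a direct (non-TOR) connection to dest fails, which is what
    the segregated network with no default route must give on the Access VM."""
    try:
        socket.create_connection(dest, timeout=timeout).close()
        return False
    except OSError:
        return True

if __name__ == "__main__":  # 1.1.1.1 is just a public address known to be reachable
    tor_connect().close()
    print("direct egress blocked:", direct_egress_blocked(("1.1.1.1", 443)))
```

If the direct check prints False, the Access VM has a route out that bypasses the gateway and the isolation is not doing its job.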