TOR Breakout Prevention (Poor Man's Solution)

The idea here is to make a virtual machine that can only connect to another VM (the router) which is running TOR. With this, you could a) run dangerous apps like flash, javascript, etc with impunity b) even if someone hacks you (through your web browser or if you're running a hidden service through your service) and gets root access to your system (the VM) they won't be able to connect to the outside world.

I never finished this exercise because it wasn't working 100% and didn't want to keep polishing it. It still might be useful someday. Could be combined with my OpenVPN VM Network to do stuff as well.

Here's what kept me back:

the libvirt "isolated" network gives access to the hypervisor system, you'd need to setup a virtual network manually
I was hoping to test out a hidden service, but realized I can't poke a hole in my firewall for TOR, so I have no way for traffic to get back to me...despite some notes found saying that TORs reverse proxy might be able to do this

Unfinished notes:

Keys, keep the VM router very locked down. Only the TOR service (or possibly privoxy/polipo) should be accessible. No httpd, sshd, etc.

Gateway VM

2 Ethernet Interfaces
- Internet
- Hypervisor segregated network

Setup:
edit /etc/network/interfaces

auto eth1
iface eth1 inet static
            address 10.34.100.2
            network 10.34.100.0
            netmask 255.255.255.0

No gateway.
sudo service networking restart

edit /etc/tor/torrc
SocksListenAddress 10.34.100.2

HiddenServiceDir /home/user/servicename
HiddenServicePort 80 10.34.100.3:80

Access VM

forward-socks5   /               127.0.0.1:9050 .