29/10/12 19:54, [email protected] wrote:
>> IIRC, VirtualBox host software sets iptables/netfilter up in a way
>> that makes the guest system bypass the existing firewall / or be
>> blocked by it, so some care should be taken on this side.
>
> One idea is to use host-only networking in the VirtualBox guest, and the
> apps in the guest can connect to appropriate socks-port(s) on the host's
> host-only adapter

Sure, a host-only adapter probably makes this easier than the bridged setup described in the link.

> Bridge mode is the problem, it would be worth checking if the amnesia user
> can leverage the VirtualBox bridge kernel module/driver to bypass Tor.
> This would violate Tails design because currently the amnesia user is not
> allowed direct internet access.

This is interesting and certainly needs to be investigated further (added to todo item). My initial testing shows that, indeed, bridged adapters bypass the host's firewall.

> Bridge mode and NAT support could simply be left out altogether from
> Tails, any drivers deleted/not-installed

Allowing NAT is at least not a leaking-related problem since the NAT:ed traffic appears "normally" in the host OS, so in Tails it will be caught by the firewall.

> If the kernel modules for bridge and NAT adapters are left out of Tails,
> that would leave only the host-only networking adapter.

vboxnetflt is used for bridged adapters, but host-only adapters require *both* vboxnetadp and vboxnetflt to be loaded.
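
An added example, not part of the original e-mail or of Tails: a shell audit that classifies each guest NIC by the behaviour reported in the thread and checks whether both modules needed for host-only adapters are loaded. It assumes the `nicN="mode"` keys printed by `VBoxManage showvminfo --machinereadable`; the sample data, function names and verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the key="value" format printed by
# `VBoxManage showvminfo <vm> --machinereadable` (values are made up).
SAMPLE_VMINFO='name="guest1"
nic1="nat"
nictype1="82540EM"
nic2="bridged"
bridgeadapter2="eth0"
nic3="hostonly"
hostonlyadapter3="vboxnet0"
nic4="none"'

# Constructed sample in /proc/modules layout: vboxnetadp is missing.
SAMPLE_MODULES='vboxnetflt 28672 0 - Live 0x0000000000000000
vboxdrv 512000 1 vboxnetflt, Live 0x0000000000000000'

# classify_nics: read VM info on stdin, print "<nic> <mode> <verdict>" for
# every attached NIC. Verdicts follow the thread: bridged traffic bypasses
# the host firewall, NAT traffic is seen by it.
classify_nics() {
    sed -n 's/^nic\([0-9][0-9]*\)="\([^"]*\)"$/\1 \2/p' |
    while read -r idx mode; do
        case "$mode" in
            none)     continue ;;
            bridged)  verdict="BYPASSES_HOST_FIREWALL" ;;
            nat)      verdict="FILTERED_BY_HOST_FIREWALL" ;;
            hostonly) verdict="HOST_ONLY" ;;
            *)        verdict="REVIEW" ;;
        esac
        printf 'nic%s %s %s\n' "$idx" "$mode" "$verdict"
    done
}

# has_bridged_nic: succeed if any NIC on stdin is bridged.
has_bridged_nic() {
    classify_nics | grep -q ' bridged '
}

# hostonly_modules_loaded: stdin is /proc/modules; succeed only when both
# modules a host-only adapter needs are present.
hostonly_modules_loaded() {
    mods=$(cut -d' ' -f1)
    printf '%s\n' "$mods" | grep -qx 'vboxnetadp' &&
        printf '%s\n' "$mods" | grep -qx 'vboxnetflt'
}

# Usage on a real host (not run here):
#   VBoxManage showvminfo "$vm" --machinereadable | classify_nics
#   hostonly_modules_loaded < /proc/modules
```

Because vboxnetflt serves both bridged and host-only adapters, module presence alone cannot show that bridging is unavailable, which is why the per-VM NIC check is kept separate.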
