LinuxQuestions.org
Old 10-20-2007, 07:35 PM   #1
lothario
Member
 
Registered: Apr 2004
Posts: 340

Rep: Reputation: 30
Firewall with Anonymity


I need to install a firewall on an old PC.

The requirements are:
  • NAT
  • DHCP server
  • Proxy
  • Anonymity

So that http and ftp access is anonymized.
Something like a "tor" appliance?

What would you recommend?

Last edited by lothario; 10-20-2007 at 07:36 PM.
 
Old 10-20-2007, 08:16 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Tor can be made to provide service for a LAN.

Throw in Privoxy, iptables, and dnsmasq or dhcpd and your requirements should be met.

NOTE: Please remember that using Tor for unencrypted traffic such as HTTP and FTP is extremely dangerous. A rogue exit-node can easily read, insert, and modify any unencrypted traffic between clients and servers without either party knowing that the link has been compromised.

Last edited by win32sux; 10-20-2007 at 08:31 PM.
 
Old 10-20-2007, 08:51 PM   #3
lothario
Member
 
Registered: Apr 2004
Posts: 340

Original Poster
Rep: Reputation: 30
Thanks for the suggestion.
I'll read it.

(Some background - I need to set up a test environment for an array of different servers and DHCP client devices.)

Many DHCP clients behind this firewall will be small embedded devices. Which means:
  1. All 3rd party hardware. I have very little control over them.
  2. Basically, they can be set up as DHCP clients. That is about it.
  3. Once they have internet access, they will use http to access web pages.
  4. They use this web access to decide if they need to update themselves.
  5. They use http or ftp to download their own updates.
  6. They update themselves.
  7. Finally, reboot themselves to become DHCP clients again.

In other words, I cannot force these clients to go to a socks proxy.
I can however, make sure that TOR is the only "server" on this LAN.

Given this scenario - Can TOR still provide (anonymized) service to this LAN?

The anonymized service is important because I have to preserve the identity and the origin of each of these embedded devices.
So that the servers in the test environment provide equal access to any request.
 
Old 10-20-2007, 09:21 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
The clients just need to be set to use Privoxy as an HTTP proxy. SOCKS would only be used by Privoxy to communicate with Tor. You can even have the clients get transparently proxied if you place a transparent proxy in front of Privoxy (make sure you disable any DNS functionality in such a proxy).

As for your clients getting their updates via an insecure connection, you should be okay as long as all the downloaded files are digitally signed, so you can make sure they are authentic and untampered with. It's good that you can use either HTTP or FTP because Privoxy isn't FTP-compatible AFAIK.

Last edited by win32sux; 10-20-2007 at 09:43 PM.
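
Added example, not part of any post in this thread: the transparent-proxy setup from post #4 only anonymizes the LAN if the gateway offers no routed path around the proxy, so this script audits an `iptables-save` dump for that. The interface names, the proxy port 3128 and both sample rulesets are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for paths that let LAN clients
# bypass the proxy chain. Assumed names (not from the thread): LAN interface
# eth1, WAN interface eth0, intercepting proxy listening on port 3128.
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Constructed ruleset, trimmed to what the audit inspects: LAN HTTP is
# redirected into the proxy and nothing is routed, so FTP and any other
# protocol fails closed instead of leaving the gateway directly.
good_rules() { cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
EOF
}

# Constructed ruleset: an ordinary NAT gateway; every client exits directly.
weak_rules() { cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Reads iptables-save output on stdin, prints findings, returns 1 on any.
audit_rules() {
    rules=$(cat); rc=0
    if ! printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'; then
        echo "LEAK: FORWARD policy is not DROP"; rc=1; fi
    if printf '%s\n' "$rules" | grep -Eq '^-A FORWARD .*-j ACCEPT'; then
        echo "LEAK: a FORWARD rule routes traffic past the proxy"; rc=1; fi
    if ! printf '%s\n' "$rules" | grep -Eq \
        "^-A PREROUTING .*-i $LAN_IF .*--dport 80 .*-j REDIRECT --to-ports $PROXY_PORT\$"; then
        echo "MISSING: LAN port 80 is not redirected to port $PROXY_PORT"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK: no direct path from $LAN_IF"
    return "$rc"
}

# Demonstration on the two constructed rulesets.
for r in good_rules weak_rules; do echo "== $r"; $r | audit_rules || true; done
```

On the gateway itself the live ruleset can be checked with `iptables-save | audit_rules`, run as root.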
 
  

