Running Tor service in the jail environment

[Shawn Webb]

On Tue, Dec 11, 2018 at 01:41:50AM +0000, Hubert Hauser wrote:
> I want to torify my FreeBSD old machine purposed to mainly darknet
> activities.
> 
> Should I worry about these errors during creating jail?
> 
> |Warning: Some services already seem to be listening on all IP,
> (including 127.0.1.1) This may cause some confusion, here they are: root
> ntpd 58008 20 udp6 *:123 *:* root ntpd 58008 21 udp4 *:123 *:* root lpd
> 48726 6 tcp6 *:515 *:* root lpd 48726 7 tcp4 *:515 *:* Warning: Some
> services already seem to be listening on IP 192.168.1.105 This may cause
> some confusion, here they are: root ntpd 58008 23 udp4 192.168.1.105:123
> *:* Warning: Some services already seem to be listening on all IP,
> (including 192.168.1.105) This may cause some confusion, here they are:
> root ntpd 58008 20 udp6 *:123 *:* root ntpd 58008 21 udp4 *:123 *:* root
> lpd 48726 6 tcp6 *:515 *:* root lpd 48726 7 tcp4 *:515 *:|
> 
> Should jail have access to loopback interface and public Ethernet
> interface assuming that all traffic from this machine will be routed
> through Tor? Is it necessary to set up a virtual network interface to
> communicate between jails?

I wouldn't use a jail for that. Take a look at this article I wrote
about how to use Tor in the manner you're looking for:

https://github.com/lattera/articles/blob/master/infosec/tor/2017-01-14_torified_home/article.md

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera at is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20181211/ab5e1c45/attachment.sig>