14.02.2014 15:12, Rusty Bird:
> ## Principle of operation
>
> 1. Either run the corridor-data-consensus daemon script, which opens a
> Tor control connection and subscribes to NEWCONSENSUS events
> (announcements listing all public relays), or pipe any number of
> "Bridge" lines into corridor-data-bridges.
> 2. That data gets sent to corridor-helper-update, which atomically
> updates a Linux ipset (a list of IP-address:TCP-port entries accessible
> in constant time) named tor_relays.

Atomically is anatomically acceptable, but automatically appears to be
adequate.

(There's a spelling mistake and playing with words is fun. The sentence
is full of a's for that purpose.)

> ## Pitfalls
>
> **To be secure, your new gateway needs two separate network
> interfaces**, like two Ethernet NICs, or one WiFi radio and one DSL
> modem. One is to receive incoming traffic from client computers, the
> other one is to pass the filtered traffic towards the global internet,
> **and they need to be on different networks**: Clients must not be able
> to take a shortcut via DHCP, DNS, ICMP Redirect requests, and who knows
> what else.

Isn't this the most limiting factor? How many systems have two separate
networks? (Network interfaces might be easier to achieve.)

Regards,
Sebastian G. (bastik)
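
Added example, not part of the original message and not corridor's own code: one way to get the "atomic" ipset update quoted in step 2 is to fill a staging set and exchange it with the live one in a single `ipset swap`. The hash:ip,port set type, the `_tmp` staging name and the IPv4-only validation are assumptions of this sketch.

```shell
#!/bin/sh
# Added illustration, not corridor's code. Set type and staging-set name
# are assumptions made for this sketch.

# Succeeds only for "a.b.c.d:port": strict dotted-quad IPv4, port 1..65535.
# On success, leaves the parts in $entry_ip and $entry_port.
valid_entry() {
    entry_ip=${1%:*}
    entry_port=${1##*:}
    [ "$entry_ip" != "$1" ] || return 1        # no ':' separator present
    case $entry_port in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$entry_port" -le 65535 ] || return 1
    case $entry_ip in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $entry_ip                           # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty octets, leading zeros (octal ambiguity) and >3 digits.
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read "IP:port" lines on stdin; print commands for `ipset restore`.
# The live set is untouched until the final swap, so a packet filter
# matching on it never sees an empty or half-filled list.
build_restore_script() {
    live=$1
    staging="${1}_tmp"
    printf 'create %s hash:ip,port\n' "$live"
    printf 'create %s hash:ip,port\n' "$staging"
    printf 'flush %s\n' "$staging"
    while IFS= read -r entry; do
        if valid_entry "$entry"; then
            printf 'add %s %s,tcp:%s\n' "$staging" "$entry_ip" "$entry_port"
        else
            printf 'skipped malformed entry: %s\n' "$entry" >&2
        fi
    done
    printf 'swap %s %s\n' "$staging" "$live"
    printf 'destroy %s\n' "$staging"
}
```

The output is meant to be piped, as root, into `ipset -exist restore`, where `-exist` tolerates the already-existing live set and duplicate entries. Malformed lines are dropped before they reach ipset, so one bad input line cannot abort the restore partway through.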