I’ve never heard of this organization before but I find it quite fascinating! Particularly their other story about getting a direct basement-to-exchange link from their fiber infrastructure provider is pretty cool, too!
I found it interesting that they didn’t even consider using nftables for this. Working with it was much more understandable to me than iptables, so much so that I didn’t feel the need for an additional layer of firewall management on top.
I guess another way of solving that would be to isolate each tor node into a separate network namespace and use something like ipvlan interfaces. Probably this is much more work to set up.
Skimming through the tor configuration options, I wonder why OutboundBindAddress and similar options cannot be used for this scenario, though?
we have obtained the IPv6 PI subnet 2001:67c:e28::/48 and acquired the IPv4 subnet 64.190.76.0/24 through a transfer from ARIN. This means we […] control and receive any related abuse reports
That’s really cool!