With a little luck, this will prevent most arsey Tor-blocking services
from rejecting innocent traffic.
;; Entry is via little router box.
(dmz :net dmz)
(guvnor (inside :svc gate.dmz) (dmz :a guvnor.dmz))
+ (anon (dmz :a anon.dmz))
(gate (dmz :a gate.dmz))
(nat (dmz :a nat.dmz))
;; Local services.
:svc vampire
- ((www krb ftp rsync wiki git bugs mail db tor i2p rawk vox www-cache)
+ ((www krb ftp rsync wiki git bugs mail db i2p rawk vox www-cache)
:svc vampire)
;; Internal services.
#+view/inside ((ntp) :svc ibanez.unsafe)
#+view/inside ((wpad ntp1 news) :svc vampire.unsafe)
+ ;; Anonymity services.
+ (tor :svc #+view/inside vampire.unsafe
+ #-view/inside anon.dmz)
+
;; Wired ethernet.
(wired :net wired)
(vampire (unsafe :a vampire.unsafe)
(defhost artist.dmz (dmz 5))
(defhost vampire.dmz (dmz 6))
(defhost ibanez.dmz (dmz 9))
+(defhost anon.dmz (dmz 12))
(defhost gate.dmz (dmz 13))
(defhost nat.dmz (dmz 14))