{{Header}}
{{title|
title=Access {{gateway_product_name}} Ports from the Host
}}
{{#seo:
|description=Access {{gateway_product_name}} Port From Host (Esoteric Documentation)
|image=https://www.{{project_clearnet}}/w/images/c/ce/Accessgateway.jpg
}}
[[image:Accessgateway.jpg|thumb]]
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = This is very esoteric and you probably do not need it! Advanced users only!
}}
= Access {{gateway_product_name}} Port From Host =
'''Not tested since {{project name}} 0.5.6. May or may not work. Might need changes for later versions.'''
== Example: Make port 9050 accessible from the host. ==
=== Host Setup ===
On the host, open the {{gateway_product_name}} VM network settings and set up port forwarding: within the <code>Adapter 1</code> tab click <code>Advanced</code> → then <code>Port Forwarding</code> → insert a new rule as follows.
<pre>
Name: 9050
Protocol: TCP
Host IP: 127.0.0.1
Host Port: 9050
Guest IP: leave blank
Guest Port: 9050
</pre>
Or do the same on the command line. You might have to adjust the VM name to match your Whonix-Gateway.
XFCE:
{{CodeSelect|code=
VBoxManage modifyvm "{{gateway_product_name_short}}-XFCE" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}
CLI:
{{CodeSelect|code=
VBoxManage modifyvm "{{gateway_product_name_short}}-CLI" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}
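The rule above pins the host side to <code>127.0.0.1</code>; a rule with a blank Host IP makes VirtualBox listen on every host interface. The following is an added example, not part of the original page, that audits a VM's forwarding rules for that mistake. It assumes the <code>Forwarding(N)="name,proto,hostip,hostport,guestip,guestport"</code> lines printed by <code>VBoxManage showvminfo --machinereadable</code>; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag VirtualBox NAT
# port-forwarding rules whose host side is not bound to loopback.
# Assumed input format, from `VBoxManage showvminfo <vm> --machinereadable`:
#   Forwarding(N)="name,proto,hostip,hostport,guestip,guestport"

# Reads machine-readable VM info on stdin and prints one line per rule:
#   OK <name> <hostip>:<hostport>       host side bound to loopback
#   EXPOSED <name> <hostip>:<hostport>  host side reachable from other machines
# Exit status is 1 if any rule is EXPOSED, 0 otherwise.
audit_natpf() {
    awk -F'"' '
        BEGIN { bad = 0 }
        /^Forwarding\([0-9]+\)=/ {
            n = split($2, f, ",")
            if (n != 6) next                       # not a well-formed rule
            hostip = f[3]
            shown = (hostip == "") ? "*" : hostip  # blank host IP = all interfaces
            if (hostip ~ /^127\./ || hostip == "::1") {
                printf "OK %s %s:%s\n", f[1], shown, f[4]
            } else {
                printf "EXPOSED %s %s:%s\n", f[1], shown, f[4]
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample input: rule 0 is the rule from this page,
# rule 1 is the same kind of rule with the Host IP left blank.
sample_vminfo() {
    cat <<'EOF'
name="Whonix-Gateway-XFCE"
nic1="nat"
Forwarding(0)="9050,tcp,127.0.0.1,9050,,9050"
Forwarding(1)="9051,tcp,,9051,,9051"
EOF
}

# Demo on the constructed sample. Real use, on the host:
#   VBoxManage showvminfo "<vm name>" --machinereadable | audit_natpf
sample_vminfo | audit_natpf || true
```
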
=== {{gateway_product_name}} Setup ===
Inside {{gateway_product_name}}...
IP <code>10.0.2.15</code> is usually obtained from VirtualBox's DHCP server. This should normally work; otherwise you have to adjust the IP, or edit the network config and use a static virtual LAN IP. ([[Template:Network_Config]])
{{Open /usr/local/etc/torrc.d/50_user.conf}}
Add the following. (The second line is not strictly required, but it is useful for debugging.)
{{CodeSelect|code=
+SocksPort 10.0.2.15:9050
+SocksPort 127.0.0.1:9050
}}
Save.
{{Reload Tor}}
<ref>
* https://github.com/Whonix/whonix-firewall/blob/master/etc/whonix_firewall.d/30_whonix_gateway_default.conf
* https://forums.whonix.org/t/redirect-host-traffic-to-whonix-gateway-allow-multiple-incoming-flashproxy-ports/7448
* Look at <code>/etc/whonix_firewall.d/30_whonix_gateway_default.conf</code>.
{{Open File|filename=
/etc/whonix_firewall.d/30_whonix_gateway_default.conf
}}
Read information about the following configuration options.
{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}
</ref>
{{Firewall Settings}}
Add.
{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}
Save.
{{Reload Firewall}}
== Debugging ==
Inside {{gateway_product_name}}...
Switch to clearnet user.
{{CodeSelect|code=
sudo -u clearnet bash
}}
{{CodeSelect|code=
cd ~
}}
Test if the port you want to make available on the host is available from inside {{workstation_product_name}}. (If that's not the case, something is fundamentally wrong and you need to fix this first.)
The following command circumvents the [[Stream_Isolation|uwt]] curl wrapper.
{{CodeSelect|code=
UWT_DEV_PASSTHROUGH=1 curl --output - 127.0.0.1:9050
}}
It should answer <code>This is a SOCKs proxy, not an HTTP proxy.</code>.
== Testing ==
On the host...
{{CodeSelect|code=
curl 127.0.0.1:9050
}}
It should answer <code>This is a SOCKs proxy, not an HTTP proxy.</code>.
If you see that, it indicates that Tor, which runs inside {{gateway_product_name}}, is accessible on the host as well.
== Forwarding that port to LAN ==
On the host...
This is untested, but should work.
You can use something like <code>socat</code>, <code>systemd-socket-proxyd</code> or [[SSH]] port forwarding to redirect that port <code>127.0.0.1:9050</code> to a different network interface. Otherwise you could experiment with the {{gateway_product_name}} VM network settings.
= See Also =
* [[Hosting a %28private%29 %28obfuscated%29 bridge or %28exit%29 relay|Hosting a (private) (obfuscated) bridge or (exit) relay]]
* [[Ports]]
* [[Access Workstation Port From Host|Access {{workstation_product_name}} Ports from the Host]]
{{Footer}}
[[Category:Documentation]]