Jump to: navigation, search

Access Gateway Port From Host

Access Whonix-Gateway Port From Host[edit]

This is very esoteric and you probably don't need it! Advanced users only!

Only tested with Whonix 0.5.6. Will need changes for later versions.

Example: Make port 9050 accessible from the host.[edit]

On the host...

In the Whonix-Gateway VM network settings. Set up Port Forwarding: within the "Adapter 1" tab click "Advanced", then Port Forwarding. Insert a new rule as follows.

Name: 9050
Protocol: TCP
Host IP:
Host Port: 9050
Guest IP: leave blank
Guest Port: 9050

Or the same as command line.

VBoxManage modifyvm "Whonix-Gateway" --natpf1 "9050",tcp,,9050,,9050

Inside Whonix-Gateway...

Add to /etc/tor/torrc.

## is usually obtained from VirtualBox's DHCP server.
## Hope this always works, otherwise you have to edit network config.
## and use a static virtual LAN IP.

## The next line is not strictly required, neat for debugging.


Reload Tor.

After editing /etc/tor/torrc you must reload Tor so your changes take effect. (Note: if after completing all these steps and you are not able to connect to Tor, you have most likely done something wrong. Go back and check your /etc/tor/torrc and redo the steps outlined in the sections above. If your are able to connect to Tor, then you have completed your changes correctly.)

For Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named 'sys-whonix') -> Reload Tor

For graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> Reload Tor

For terminal-only Whonix-Gateway, press on expand on the right.

Complete the following steps:

Reload Tor.

sudo service tor@default reload

Check Tor's daemon status.

sudo service tor@default status

It should include a a message saying.

Active: active (running) since ...

In case of issues, try the following debugging steps.

Check Tor's config.

sudo -u debian-tor tor --verify-config

Should show something like the following.

Sep 17 17:40:41.416 [notice] Read configuration file "/etc/tor/torrc".
Configuration was valid

Look at /etc/whonix_firewall.d/30_default.conf.



Inside Whonix-Gateway...

Switch to clearnet user.

su clearnet

Test if the port you want to make available on the host is available from inside Whonix-Workstation. (If that's not the case, something is fundamentally wrong and you need to fix this first.)

Circumventing uwt curl wrapper.


Circumventing uwt curl wrapper.


It should answer "Tor is not a http proxy".


On the host...

It should answer "Tor is not a http proxy". If you see that, that indicates that Tor is, which runs inside Whonix-Gateway is accessible on the host as well.

Forwarding that port to LAN[edit]

On the host...

This is untested, but should work, otherwise get in contact.

You can use something like rinetd to redirect that port to a different network interface. Otherwise you could experiment with the Whonix-Gateway VM network settings.

Random News:

Join us testing new AppArmor profiles for improved security! (forum discussion)

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.