Access Gateway Port From Host
From Whonix
Contents
Access Whonix-Gateway ™ Port From Host[edit]
This is very esoteric and you probably don't need it! Advanced users only!
Only tested with Whonix ™ 0.5.6. Will need changes for later versions.
Example: Make port 9050 accessible from the host.[edit]
On the host...
In the Whonix-Gateway ™ VM network settings. Set up Port Forwarding: within the "Adapter 1" tab click "Advanced", then Port Forwarding. Insert a new rule as follows.
Name: 9050 Protocol: TCP Host IP: 127.0.0.1 Host Port: 9050 Guest IP: leave blank Guest Port: 9050
Or the same as command line.
VBoxManage modifyvm "Whonix-Gateway" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
Inside Whonix-Gateway ™...
Add to /usr/local/etc/torrc.d/50_user.conf.
## 10.0.2.15 is usually obtained from VirtualBox's DHCP server. ## Hope this always works, otherwise you have to edit network config. ## and use a static virtual LAN IP. SocksPort 10.0.2.15:9050 ## The next line is not strictly required, neat for debugging. SocksPort 127.0.0.1:9050
Reload Tor.
After editing /usr/local/etc/torrc.d/50_user.conf, Tor must be reloaded for changes to take effect.
Note: If Tor does not connect after completing all these steps, then a user mistake is the most likely explanation. Recheck /usr/local/etc/torrc.d/50_user.conf and repeat the steps outlined in the sections above. If Tor then connects successfully, all the necessary changes have been made.
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Whonix-Gateway ™ ProxyVM (commonly named 'sys-whonix') → Reload Tor
If you are using a graphical Whonix-Gateway ™, complete the following steps.
Start Menu → Applications → Settings → Reload Tor
If you are using a terminal-only Whonix-Gateway ™, press on Expand on the right.
Complete the following steps.
Reload Tor.
sudo service tor@default reload
Check Tor's daemon status.
sudo service tor@default status
It should include a a message saying.
Active: active (running) since ...
In case of issues, try the following debugging steps.
Check Tor's config.
sudo -u debian-tor tor --verify-config
The output should be similar to the following.
Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf". Configuration was valid
Look at /etc/whonix_firewall.d/30_default.conf.
GATEWAY_ALLOW_INCOMING_FLASHPROXY=1 FLASHPROXY_PORT=9050
Debugging[edit]
Inside Whonix-Gateway ™...
Switch to clearnet user.
su clearnet
Whonix default username: user
Whonix default password: changeme
Test if the port you want to make available on the host is available from inside Whonix-Workstation ™. (If that's not the case, something is fundamentally wrong and you need to fix this first.)
Circumventing uwt curl wrapper.
/usr/bin/curl 127.0.0.1:9050
Circumventing uwt curl wrapper.
/usr/bin/curl 10.0.2.15:9050
It should answer "Tor is not a http proxy".
Testing[edit]
On the host...
/usr/bin/curl 127.0.0.1:9050
Forwarding that port to LAN[edit]
On the host...
This is untested, but should work.
You can use something like socat or systemd-socket-proxyd to redirect that port 127.0.0.1:9050 to a different network interface. Otherwise you could experiment with the Whonix-Gateway ™ VM network settings.
See Also[edit]
No comments for now due to spam. Use Whonix forums instead.
Have you contributed to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix authorship page.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.
Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.