Host a Bridge or Tor Relay

From Whonix



You can still volunteer to Tor and host a bridge, private bridge, obfuscated bridge, private obfuscated bridge, middle node or exit relay when you are using Whonix ™. Either inside the Whonix-Gateway ™ or directly on the host.


Hosting a Tor relay and/or bridge and using it to mix one's own traffic might be beneficial for anonymity. Advanced users only! Please refer to the write-ups by The Tor Project, the developers of the Tor software.

Quote The Tor Project New low cost traffic analysis attacks and mitigations [archive]:

In terms of mitigating the use of these vectors in attacks against Tor, here's our recommendations for various groups in our community:

Users: Do multiple things at once with your Tor client

Because Tor uses encrypted TLS connections to carry multiple circuits, an adversary that externally observes Tor client traffic to a Tor Guard node will have a significantly harder time performing classification if that Tor client is doing multiple things at the same time. This was studied in section 6.3 of this paper [archive] by Tao Wang and Ian Goldberg. A similar argument can be made for mixing your client traffic with your own Tor Relay or Tor Bridge that you run, but that is very tricky to do correctly [archive] for it to actually help.


Outside the Whonix-Gateway ™[edit]


Inside the Whonix-Gateway ™[edit]


This chapter hasn't been tested for a long time. Get in contact if you are interested in this configuration.

This is non-trivial for reasons outside of Whonix ™ control. For a large part unspecific to Whonix ™. It requires an open port to permit acceptance of unsolicited incoming connections. See Ports for explanation.

Prerequisite Knowledge[edit]

Various learning exercises are recommended before attempting to this set this up:

A) Set up web server reachable on PC. For example:

internet → home router → PC → web server

B) web server reachable in VM. i.e. internet → home router → PC → Debian (not Whonix ™) VM → web server

C) Only then try to do the same with Whonix ™ with Tor.


On the Whonix-Gateway ™.

1. Simply follow all the usual instructions given on inside the Whonix-Gateway ™ just as you would, if Tor wouldn't run inside a virtual machine.

2. Set up a port forwarding from the host to the virtual machine.

Go to Whonix-Gateway ™ → Settings → Network Interface → Port Forwarding.

3. Look at /etc/whonix_firewall/30_default.conf [archive].

4. Read the introduction comment about flexible modular configuration files.

5. Read the comment about Tor Relay Settings.

6. Close the file.

7. Modify Whonix-Gateway ™ User Firewall Settings

Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /usr/local/etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix ™, complete these steps.
In Whonix-Gateway ™ AppVM. Make sure folder /usr/local/etc/whonix_firewall.d exists.

sudo mkdir -p /usr/local/etc/whonix_firewall.d

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ AppVM (commonly called sys-whonix)Whonix User Firewall Settings

If using a graphical Whonix-Gateway ™, complete these steps.

Start MenuApplicationsSettingsUser Firewall Settings

If using a terminal-only Whonix-Gateway ™, complete these steps.

In Whonix-Gateway ™, open the whonix_firewall configuration file in an editor.

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

For more help, press on Expand on the right.

Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_whonix_gateway_default.conf.

Note: The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_whonix_gateway_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this
## file may be overwritten.

See also Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix ™, complete these steps.

Qubes App Launcher (blue/grey "Q")Template: whonix-gw-16Whonix Global Firewall Settings

If using a graphical Whonix-Gateway ™, complete these steps.

Start MenuApplicationsSettingsGlobal Firewall Settings

If using a terminal-only Whonix-Gateway ™, complete these steps.

In Whonix-Gateway ™, open the whonix_firewall configuration file in an editor.

nano /etc/whonix_firewall.d/30_whonix_gateway_default.conf

8. Paste the following content. Adjust if necessary.

## Allow incoming DIRPORT connections for an optional Tor relay.

## Allow incoming ORPORT connections for an optional Tor relay.

## DIRPORT incoming port.

## ORPORT incoming port.

9. Reload Whonix-Gateway ™ Firewall.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Reload Whonix Firewall

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSystemReload Whonix Firewall

If you are using a terminal-only Whonix-Gateway ™, run.

sudo whonix_firewall

10. Done.

Other Easy Options[edit]

As a Firefox or Chrome browser / Chromium user, install an add-on to create a "flash" proxy bridge. "Flash" as in flashing proxy, not as in Adobe Flash. This has nothing to do with Adobe Flash.

For Chrome browser / Chromium, there is cupcake [archive]. Simply click to install the add-on and you're done.

For Firefox browser, there is Tor Flashproxy Badge [archive]. Simply click to install the add-on and you're done.

Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Host a Bridge or Tor Relay&body= link= a Bridge or Tor Relay link= a Bridge or Tor Relay link= a Bridge or Tor Relay%20 a Bridge or Tor Relay

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.