Jump to: navigation, search

Hosting a (private) (obfuscated) bridge or (exit) relay


Introduction[edit]

You can still volunteer to Tor and host a bridge, private bridge, obfuscated bridge, private obfuscated bridge, middle node or exit relay when you are using Whonix. Either inside the Whonix-Gateway or directly on the host.

Outside the Whonix-Gateway[edit]

KVM For KVM, follow the NAT port forwarding instructions for Whonix-Gateway. [1]

Inside the Whonix-Gateway[edit]

This chapter hasn't been tested for a long time. Get in contact if you are interested in this configuration.

Simply follow all the usual instructions given on torproject.org inside the Whonix-Gateway just as you would, if Tor wouldn't run inside a virtual machine. The only additional thing to do is to set up a port forwarding from the host to the virtual machine. That is simple. It's a VirtualBox feature. You can also do this with the VirtualBox graphical user interface. Go to Whonix-Gateway -> Settings -> Network Interface -> Port Forwarding.

What's left are the firewall rules. On the Whonix-Gateway look at /etc/whonix_firewall/30_default.conf. Read the introduction comment (which is about Whonix flexible modular configuration files) and Tor Relay Settings.

Modify Whonix User Firewall Settings.

Note: Initially, if you have not made any changes to Whonix Firewall Settings, then Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty, because it does not exist. This is expected.

If you are using Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw -> Whonix User Firewall Settings

If you are using a graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> User Firewall Settings

If you are using a terminal-only Whonix-Gateway, complete the following steps:

sudo nano /etc/whonix_firewall.d/50_user.conf

For more help, press on expand on the right.

Note: Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_default.conf contains default settings and explanatory comments what these settings purpose. It gets opened read-only by default. By default you are not supposed to directly edit the file. Below, we recommend to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this
## file may be overwritten.

See also Whonix modular flexible .d style configuration folders.

To view the file, complete the following steps.

If you are using Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Template: whonix-gw -> Whonix Global Firewall Settings

If you are using a graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> Settings -> Global Firewall Settings

If you are using a terminal-only Whonix-Gateway, complete the following steps:

nano /etc/whonix_firewall.d/30_default.conf

Paste the following content. Adjust if necessary.

## Allow incoming DIRPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_DIR_PORT=1

## Allow incoming ORPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_OR_PORT=1

## DIRPORT incoming port.
DIR_PORT=80

## ORPORT incoming port.
OR_PORT=443

Reload Whonix-Gateway Firewall.

If you are using Qubes-Whonix, complete the following steps:

Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Reload Whonix Firewall

If you are using a graphical Whonix-Gateway, complete the following steps:

Start Menu -> Applications -> System -> Reload Whonix Firewall

If you are using a terminal-only Whonix-Gateway, run:

sudo whonix_firewall

Other Easy Options[edit]

As a Firefox or Chrome browser / Chromium user, install an add-on to create a "flash" proxy bridge. "Flash" as in flashing proxy, not as in Adobe Flash. This has nothing to do with Adobe Flash.

For Chrome browser / Chromium, there is cupcake. Simply click to install the add-on and you're done.

For Firefox browser, there is Tor Flashproxy Badge. Simply click to install the add-on and you're done.


Random News:

Want to make Whonix more safe and usable? We're looking for helping hands. Check out Open Issues and development forum.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.
  1. http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections