Actions

Hosting a (private) (obfuscated) bridge or (exit) relay

From Whonix



Introduction[edit]

You can still volunteer to Tor and host a bridge, private bridge, obfuscated bridge, private obfuscated bridge, middle node or exit relay when you are using Whonix ™. Either inside the Whonix-Gateway ™ or directly on the host.

Outside the Whonix-Gateway ™[edit]

KVM For KVM, follow the NAT port forwarding instructions for Whonix-Gateway ™. [1]

Inside the Whonix-Gateway ™[edit]

This chapter hasn't been tested for a long time. Get in contact if you are interested in this configuration.

Simply follow all the usual instructions given on torproject.org inside the Whonix-Gateway ™ just as you would, if Tor wouldn't run inside a virtual machine. The only additional thing to do is to set up a port forwarding from the host to the virtual machine. That is simple. It is a VirtualBox feature. You can also do this with the VirtualBox graphical user interface. Go to Whonix-Gateway ™ → Settings → Network Interface → Port Forwarding.

What's left are the firewall rules. On the Whonix-Gateway ™ look at /etc/whonix_firewall/30_default.conf [archive]. Read the introduction comment (which is about Whonix ™ flexible modular configuration files) and Tor Relay Settings.

Modify Whonix-Gateway ™ User Firewall Settings

Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix ™, complete these steps.
In Whonix-Gateway ™ AppVM. Make sure folder /rw/config/whonix_firewall.d exists.

sudo mkdir -p /rw/config/whonix_firewall.d

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ AppVM (commonly called sys-whonix)Whonix User Firewall Settings

If using a graphical Whonix-Gateway ™, complete these steps.

Start MenuApplicationsSettingsUser Firewall Settings

If using a terminal-only Whonix-Gateway ™, complete these steps.

In Whonix-Gateway ™, open the whonix_firewall configuration file in an editor.

sudoedit /etc/whonix_firewall.d/50_user.conf

For more help, press on Expand on the right.

Note: This is for informational purposes only! Do not edit /etc/whonix_firewall.d/30_whonix_gateway_default.conf.

Note: The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_whonix_gateway_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this
## file may be overwritten.

See also Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix ™, complete these steps.

Qubes App Launcher (blue/grey "Q")Template: whonix-gw-15Whonix Global Firewall Settings

If using a graphical Whonix-Gateway ™, complete these steps.

Start MenuApplicationsSettingsGlobal Firewall Settings

If using a terminal-only Whonix-Gateway ™, complete these steps.

In Whonix-Gateway ™, open the whonix_firewall configuration file in an editor.

nano /etc/whonix_firewall.d/30_whonix_gateway_default.conf

Paste the following content. Adjust if necessary.

## Allow incoming DIRPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_DIR_PORT=1

## Allow incoming ORPORT connections for an optional Tor relay.
GATEWAY_ALLOW_INCOMING_OR_PORT=1

## DIRPORT incoming port.
DIR_PORT=80

## ORPORT incoming port.
OR_PORT=443

Reload Whonix-Gateway ™ Firewall.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Reload Whonix Firewall

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSystemReload Whonix Firewall

If you are using a terminal-only Whonix-Gateway ™, run.

sudo whonix_firewall

Other Easy Options[edit]

As a Firefox or Chrome browser / Chromium user, install an add-on to create a "flash" proxy bridge. "Flash" as in flashing proxy, not as in Adobe Flash. This has nothing to do with Adobe Flash.

For Chrome browser / Chromium, there is cupcake [archive]. Simply click to install the add-on and you're done.

For Firefox browser, there is Tor Flashproxy Badge [archive]. Simply click to install the add-on and you're done.



Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

We are looking for video makers to help create demonstration, promotional and conceptual videos or tutorials.

https [archive] | (forcing) onion [archive]

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.