Whonix-Gateways Own Traffic Transparent Proxy
Advanced users only!
Usually recommended against and unnecessary!
Whonix-Workstation has the transparent proxying feature enabled by default. (You could disable it if you wanted to.)
Whonix-Gateway has by default no transparent proxying feature. This article explains how you could enable it. There are no known use cases besides leak testing.
For explanation, openand read what the settings and are about.
Open /etc/whonix_firewall.d/30_user in an editor.
Open /etc/whonix_firewall.d/50_user.conf in an editor with root rights.
Add the following content.
Reload Whonix-Gateway Firewall.
Add the following content.
TransPort 127.0.0.1:9041 DnsPort 127.0.0.1:54
Test if you wish.
UWT_DEV_PASSTHROUGH=1 curl --tlsv1.2 --proto =https -H 'Host: check.torproject.org' -k https://22.214.171.124
- Getting the global system DNS resolver working on Whonix-Gateway (usually recommended against and unnecessary)
- Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
- To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
- For your interest: if you were to change DNS settings on Whonix-Gateway in Stream Isolation). , this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see
- Whonix-Workstation's default applications are configured to use separate Tor SocksPort's (see Stream Isolation), thus not using the system's default DNS resolver. Any applications on Whonix-Workstation, not configured for stream isolation (for example ), will use the default DNS server configured in Whonix-Workstation in , which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's does not affect Whonix-Workstation's DNS requests.)
Impressum | Datenschutz | Haftungsausschluss
Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.