Whonix-Gateway ™ Traffic: Transparent Proxying
How-to: Enable Transparent Proxying for Whonix-Gateway ™ own Traffic
- Getting the global system DNS resolver working on Whonix-Gateway ™ (usually recommended against and unnecessary)
Since Whonix ™ version 0.2.1, Whonix-Gateway ™ traffic is also routed over Tor. In this way, use of Whonix ™ is hidden from persons or systems observing the network.
- To preserve the anonymity of a user's Whonix-Workstation ™ activities, it is not necessary to torify Whonix-Gateway ™ own traffic.
For reader interest: If DNS settings on Whonix-Gateway ™ are changed in /etc/resolv.conf, this only affects Whonix-Gateway ™ own DNS requests issued by applications using the system's default DNS resolver. By default, no applications issuing network traffic on Whonix-Gateway ™ use the system's default DNS resolver. All applications installed by default on Whonix-Gateway ™ that issue network traffic (apt, systemcheck, sdwdate) are explicitly configured, or forced by uwt wrappers, to use their own Tor SocksPort (see Stream Isolation).
Whonix-Workstation ™ default applications are configured to use separate Tor SocksPorts (see Stream Isolation), thereby not using the system's default DNS resolver. Any applications in Whonix-Workstation ™ that are not configured for stream isolation - for example nslookup - will use the default DNS server configured in Whonix-Workstation ™ (via /etc/network/interfaces), which is the Whonix-Gateway ™. Those DNS requests are redirected to Tor's DnsPort by Whonix-Gateway ™ firewall. Whonix-Gateway ™ /etc/resolv.conf does not affect Whonix-Workstation ™ DNS requests.
Traffic generated by the Tor process itself, which by Debian default runs under user debian-tor, originating from Whonix-Gateway ™ can use the internet normally. This is because user debian-tor is exempted in Whonix-Gateway ™ Firewall and allowed to use the "normal" internet.
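The two firewall behaviours described above (workstation DNS redirected to a local port, and only user debian-tor exempted for direct internet access) can be checked against a ruleset, as in this added example, which is not part of the original page and not Whonix's own firewall code. The interface name eth1, port 5300 and the sample rules are constructed assumptions.

```python
import shlex

# Constructed ruleset in iptables-restore format. eth1 and port 5300 are
# assumptions for illustration, not values read from Whonix's firewall script.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
COMMIT
*filter
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
"""

def parse_rules(text):  # -> [(table, chain, {option: value})]; "!" stays in the key
    table, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok[:1] == ["-A"]:
            opts, i, neg = {}, 2, ""
            while i < len(tok):
                if tok[i] == "!":
                    neg, i = "! ", i + 1
                    continue
                has_val = i + 1 < len(tok) and tok[i + 1] != "!" and not tok[i + 1].startswith("-")
                opts[neg + tok[i]] = tok[i + 1] if has_val else ""
                neg, i = "", i + (2 if has_val else 1)
            rules.append((table, tok[1], opts))
    return rules

def audit(text, tor_user="debian-tor", internal_if="eth1"):
    """Check the two properties described above; return a list of findings."""
    findings, dns_redirected = [], False
    for table, chain, o in parse_rules(text):
        if table == "filter" and chain == "OUTPUT" and o.get("-j") == "ACCEPT":
            if "! --uid-owner" in o:  # accepts everyone except the named user
                findings.append("negated owner match exempts every other user")
            elif o.get("--uid-owner", tor_user) != tor_user:
                findings.append("unexpected exempt user: " + o["--uid-owner"])
        if (table == "nat" and chain == "PREROUTING" and o.get("-i") == internal_if
                and (o.get("-p"), o.get("--dport"), o.get("-j")) == ("udp", "53", "REDIRECT")):
            dns_redirected = True
    if not dns_redirected:
        findings.append("workstation DNS is not redirected to a local port")
    return findings

print(audit(SAMPLE_RULES) or "ruleset matches the described behaviour")
```

Pass tor_user as a numeric UID when auditing text that lists owners by number instead of by name.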
The Tor software (as of 0.4.5.6, and no changes were announced at time of writing) almost exclusively uses TCP traffic. See also Tor wiki page, chapter UDP. For DNS, see next footnote.
Tor does not require or use functional (system) DNS for most functionality. IP addresses of Tor directory authorities are hardcoded in the Tor software as per Tor upstream default. Exceptions include:
- proxy settings using proxies with host names rather than IP addresses
- the Tor pluggable transport meek lite to resolve domains used in setting front= to IP addresses.