[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Debugging isolated Multi-WS setup

Development
#1

I’ve opened a separate thread as per recommendation. I believe that there must be some discrepancy between how internal networks work in different virtualizer. That makes debugging more difficult to pin point.

This function shouldn’t been seen as a “task”. I just think it would be nice to have and document for KVM folks.

The steps I applied to debug is to run tcpdump on eth2. logs show that packets from the non-connecting ws 2 do have an ip of 10.152.152.12. That means that the ws does have an ip assigned so no problem there. Reasons for why no packets are making it past that point are, I speculate, because no rules are applied to traffic coming from it. iptables on gw can deal with eth1 traffic but it doesn’t know anything about an eth2 or how to treat it. This causes it to do the failsafe of default block all traffic coming from eth2.

Again more speculation but I think if the iptables script on gw is modified to automatically apply eth1 rules to any (eth1+n) interface that should do it.

If you have any different ideas on what I should do next, I’m all ears.

#2

Looks like a small misunderstanding.

Now you’re back to the multi separate internal network interfaces.

I am not surprised the eth2 thing doesn’t work. In thread
https://www.whonix.org/forum/index.php/topic,688.0.html
your question

How difficult is it to do this so that all firewall rules for eth1 are auto-duplicated for any n number of internal network interfaces that the gateway auto-detects has been added to it - while maintaining complete separation between workstations on different internal networks?

was answered by me and I implicitly said it’s not supported by https://github.com/Whonix/whonix-gw-firewall yet.

Again more speculation but I think if the iptables script on gw is modified to automatically apply eth1 rules to any (eth1+n) interface that should do it.
In essence, that's it.

It cannot be solved by Q/A style. Technically the looks quite obvious to me. Just needs bash and some iptables knowledge and several hours of work.

[hr]

If you want https://www.whonix.org/wiki/Multiple_Whonix-Workstations#How_to_use_more_than_one_Whonix-Workstation_-_EASY (without multiple separate internal networks) to work with KVM should go into a separate thread.

#3
Looks like a small misunderstanding.

Now you’re back to the multi separate internal network interfaces.

I am not surprised the eth2 thing doesn’t work. In thread

Yes I realise it was a misunderstanding.

In essence, that's it.

It cannot be solved by Q/A style. Technically the looks quite obvious to me. Just needs bash and some iptables knowledge and several hours of work.

Ok I see, makes sense.

If you want https://www.whonix.org/wiki/Multiple_Whonix-Workstations#How_to_use_more_than_one_Whonix-Workstation_-_EASY (without multiple separate internal networks) to work with KVM should go into a separate thread.

I was confused by the page’s title, but now that you explained its actually about multi-ws on the same internal network I report that it has always worked without any changes needed on my part. I never had to apply these instructions for it to work.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]