I need a DHCP server. I know that it is not safe to install a DHCP server on the gateway. Will it be safer if I install isc-dhcp-client and dnsmasq-base on a separate machine, where there will be 2 network interfaces of the internal network Virtualbox? eth0 as a static connection (whonix gateway) and eth1 as a “shared to other computers” through netwok-manager (ipv4). I will get connection like Whonix Gateway -> DHCP VM -> VM Workstation (which connects through the internal network DHCP VM (eth1 as a “shared to other computers”)
Make it work with plain Debian VMs first + Whonix-Gateway. Why? Simpler. You can concentrate on essentials and Whonix (firewall, DNS configuration, hardening, whatnot) won’t be in the way.
Step 1:
Debian VM → Whonix-Gateway
( as per usual Anonymize Other Operating Systems instructions )
Step 2:
Debian VM-1(DHCP client) → Debian VM-2(DHCP server) → Whonix-Gateway
Step 3:
Debian VM-1(DHCP client) → Whonix-Workstation(DHCP server) → Whonix-Gateway
Step 4:
Whonix-Workstation-1(DHCP client) → Whonix-Workstation-2(DHCP server) → Whonix-Gateway
Understood.
Not sure I understand. However, what I would suggest:
Debian VM-1(DHCP client) (one internal network interface “dhcp”) →
Debian VM-2(DHCP server) (two internal network interfaces: internal [unmodified, “internal” similar or by Whonix default]; “dhcp”)
“internal”: connected to Whonix-Gateway
“dhcp”: connected to Debian VM-1(DHCP client)
→ Whonix-Gateway (the usual two network interfaces internal and external, unmodified)
What I just described (might be same as you had in mind) would be safer indeed.
What might be useful once you start using Whonix-Workstations: Dev/Firewall Unload - Whonix
Please document if you can make that work and/or send patches. We might add this as an optional feature to Whonix-Workstation.
Thanks for your reply. Yes, this is what I mean, but I do not understand why your connection consists of THREE internal network interfaces Debian VM-2 (DHCP server). [unmodified, “internal” analogue or Whonix default; “Dhcp”]
“Internal”: connected to the Whonix-Gateway
Dhcp: Connected to Debian VM-1 (DHCP client). In my connection, Debian VM-2 (DHCP server) have only 2 network interfaces on the internal network (Virtualbox). The first interface is static as described in the documentation you specified above the second interface (Dhcp) that connects to the Debian VM-1 (DHCP client).
Indeed. Two. Not three. Fixed in above post.