I just posted the following topic to the Dev/Qubes wiki page:
Current Qubes + Whonix implementation has both the Whonix-Gateway and Whonix-Workstation connected to the same backend FirewallVM and iptables forwarding is manually established between the Whonix IP addresses. This current method is really just an efficient hack for our initial Qubes + Whonix implementation. The native/proper way to network VMs in Qubes is via chaining their networking “backend” together, which is part of Xen networking structure. This is how other VMs in Qubes are networked, including TorVM. According to Qubes devs, these Xen backends provide simple point-to-point networking between VMs. So this would be advantageous for further isolation of inter-VM Whonix traffic, since, currently, all inter-VM traffic is routed through the internet-facing FirewallVM, which can also be shared by other VMs. This current implementation with a shared FirewallVM could be somewhat of a security concern for inter-VM traffic, and a reason to move to native/proper isolated point-to-point “backend” networking. Also, in the future, it is desirable to leverage full ProxyVM/ServiceVM networking between Whonix-Gateway and Whonix-Workstation, as the TorVM does. ProxyVM utilizes Xen “backend” networking but automates it with transparent Qubes GUI networking, making use of dynamically created virtual networking interfaces. Whonix may need to add onto or adjust its internal networking setup to be compatible with such native Qubes networking.
Discussions related to this topic: