[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

How to connect from a guest (Whonix Gateway) to a proxy client running on a host.

How to connect from a guest (Whonix Gateway) to a proxy client running on a host. The proxy listens for 127.0.0.1:1080 on the host.
I am trying to connect through a gateway to
12.0.2.2:1080 (using the Anon connection wizard socks5) - this IP address is assigned the default gateway (0.0.0.0) on the host.

This is unsuccessful.
Need port forwarding?
Need your help.

This is probably possible but undocumented.

The following documentation might introduce the proper terminology, connection schemes, to avoid talking past reach other and might fully discourage from whatever you’re trying anyhow.

Since it says.

These configurations are difficult to set up and should only be attempted by advanced users. For the vast majority of Whonix ™ users, using Tor in isolation – without a VPN or proxy – is the correct choice.

Probably not. For explanation on port forwarding:

This might be solvable as per https://www.whonix.org/wiki/Free_Support_Principle by researching how to make any server running on the host available to VirtualBox VMs. I recommend to exercise this first with a Debian VM before trying this with Whonix-Gateway. Please post an update here if you figure it out. Might be interesting in future for others too.

My problem is resolved.

History of the decision.
My host is fedora 31, firewalld is enabled by default.
I turned off the firewall and the connection through the proxy worked, but not as it should. For unknown reasons, only obfs4 traffic worked through my proxy, and when I disconnected the connection through the proxy, Tor did not want to connect either through obfs4 or through a simple watchdog node - some kind of error. But now I know in which direction, it seems to me, I should go - since the problem is in the firewall. I turned on the firewall again and after searching on Google I found an article on the official Libvirt website which says that when installing KVM/libvirt it creates its own zone called libvirt. My solution was to add advanced firewall rules.

Here are my steps:

  1. Setting the proxy for listening - 10.0.2.2:1080
  • 10.0.2.2 - ip of the Whonix Gateway virtual interface.
  • 1080 - is the port that the proxy listens on.
  1. Add advanced firewall rules. Allow the connection from the specified ip and port.

firewall-cmd --permanent --zone = libvirt --add-rich-rule = ‘rule family = “ipv4” source address = “10.0.2.15” port protocol = “tcp” port = “1080” accept’

  • 10.0.2.15 - ip of the Whonix Gateway virtual machine
  • 1080 - the port specified for listening in the proxy client.
  1. Connected using the anon connection wizard to my socks5 client through the ip gateway and port -
  • 10.0.2.2:1080

That is actually all. Now everything works.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]