Thank you so much @HulaHoop
Just trying to understand it a bit better. I also should have mentioned that this was for wireguard using wg-quick.
So when I do a wg show I get this output:
```
interface: mullvad-wg-excludewhonix.conf
public key: (hidden)
private key: (hidden)
listening port: 50454
fwmark: 0x.....
```
Would that mean I would do this to my mullvad-wg-excludewhonix.conf file:
```
[Interface]
PrivateKey = <privatekey>
Address = 10.66.213.43/32,fc00:bbbb:bbbb:bb01::3:d52a/128
DNS = 193.138.218.74
PostUp = iptables -t nat -A OUTPUT -p tcp --dport 50454 -m owner --uid-owner libvirt -j ACCEPT
PostUp = iptables -t nat -A OUTPUT -p tcp --dport 50454 -m owner --uid-owner kvm -j ACCEPT
PreDown = iptables -t nat -A OUTPUT -p tcp --dport 50454 -m owner --uid-owner libvirt -j REJECT
PreDown = iptables -t nat -A OUTPUT -p tcp --dport 50454 -m owner --uid-owner kvm -j REJECT

[Peer]
PublicKey = <publickey>
Endpoint = 89.36.78.210:51820
AllowedIPs = 0.0.0.0/0, ::/0
```
Because the port that showed when the wg show command was executed was listening port 50454?
Or do I change the --uid-owner to --gid-group kvm and do another one for libvirt?
I have also done a printout of my ip address show and ip route.
Not sure if that helps, but here is the link https://bin.privacytools.io/?165e8ed6a0bde5a6#gNLIotj8X4gwBP2st4f+t6HmqbV3s4ZwLM1fbIvEq+E=
Password for privacytools privatebin/pastebin is whonixrocks
EDIT:
I did try --gid-owner kvm and --gid-owner libvirt but unfortunately, that did not work.
I have read through most of your wiki now, and I completely understand why this is not documented, etc… man you guys are smart with everything you do. I sincerely appreciate everything you do.
Was hoping there might be a chance you might please please please be able to provide an example of the correct iptables based on the similar topic from the URL you posted on the Gentoo forum, the info I have, and what you have not documented for Whonix Gateway. I'm dying to learn how this would work. Thank you again, so much!
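An added example, not from this thread or from the Whonix project: it shows how the fwmark from the wg show output (rather than the listening port) is the handle for routing some local users around a wg-quick tunnel. It assumes an uplink interface named eth0 and user names libvirt-qemu and kvm; adjust those for your host.

```sh
#!/bin/sh
# Added example (not from the thread). Emits wg-quick PostUp/PreDown lines
# that route traffic of selected local users around the tunnel. It relies on
# the policy rule wg-quick installs whenever the interface has an fwmark:
#     ip rule add not fwmark <mark> table <mark>
# so a packet carrying the tunnel's own fwmark skips the tunnel table and is
# routed by the main table, i.e. over the physical uplink.
# Assumptions: uplink is "eth0", users are "libvirt-qemu" and "kvm".
# Caveat: "-m owner" matches only packets generated by a process on this host,
# so it covers VMs only when their networking runs inside the QEMU process;
# traffic forwarded from a libvirt NAT bridge never traverses OUTPUT.

# bypass_rules MARK UPLINK USER...  -> prints lines for the [Interface] section
bypass_rules() {
    mark="$1"; uplink="$2"; shift 2
    for user in "$@"; do
        # tag the user's outgoing packets with the tunnel fwmark; the mark
        # change makes the kernel re-route them through the main table
        printf 'PostUp = iptables -t mangle -A OUTPUT -m owner --uid-owner %s -j MARK --set-mark %s\n' "$user" "$mark"
        printf 'PreDown = iptables -t mangle -D OUTPUT -m owner --uid-owner %s -j MARK --set-mark %s\n' "$user" "$mark"
    done
    # keep the mark on the connection so reply packets are matched to it
    printf 'PostUp = iptables -t mangle -A POSTROUTING -m mark --mark %s -j CONNMARK --save-mark\n' "$mark"
    printf 'PostUp = iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark\n'
    # re-routed packets still carry the tunnel's source address, so rewrite
    # it to the uplink's address on the way out
    printf 'PostUp = iptables -t nat -A POSTROUTING -m mark --mark %s -o %s -j MASQUERADE\n' "$mark" "$uplink"
    printf 'PreDown = iptables -t mangle -D POSTROUTING -m mark --mark %s -j CONNMARK --save-mark\n' "$mark"
    printf 'PreDown = iptables -t mangle -D PREROUTING -j CONNMARK --restore-mark\n'
    printf 'PreDown = iptables -t nat -D POSTROUTING -m mark --mark %s -o %s -j MASQUERADE\n' "$mark" "$uplink"
}

# On the live host, read the mark straight from the interface, e.g.:
#   bypass_rules "$(wg show mullvad-wg-excludewhonix fwmark)" eth0 libvirt-qemu kvm
# and paste the printed lines into the [Interface] section of the .conf file.
```

After reloading with wg-quick, check the result with `ip rule` (the "not fwmark" rule must be present) and `iptables -t mangle -L OUTPUT -v`, whose counters should increase only for the excluded users.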