INTERNAL_OPEN_PORTS setting

offshorebats · April 10, 2021, 6:34pm

Hello,

I installed i2pd on whonix gateway, set it to work as debian-tor user with reseeding over tor and it works pretty good. How can I expose its ports to internal 10.152.152.0/16 network?

I see EXTERNAL_OPEN_PORTS exists but i dont want to expose the ports to external interface since I am using vpn as well, and vpn provider can possibly backconnect to my whonix-gateway, i just need the i2pd ports to be accessible in inner subnet

all the PORTS wiki is about EXTERNAL_OPEN_PORTS as well there is nothing about opening port to inner subnet

I havent found anything relevant in /etc/whonixfirewall.d/ folder as well, I dont see where you allow tor process to bind some ports

I dont need any oversmart transparent socksifying for i2p here or intermediate http proxy servers all I need is to allow i2pd process have 4444 and 4447 ports bound to eth1. Its already configured to bind on 0.0.0.0 but whonixfirewall blocks those ports

Thanks

Patrick · April 10, 2021, 10:27pm

Documentation for that was refined just now. See:

How to open an Incoming Port on Whonix-Gateway ™ for Connections Originating from Whonix-Workstation ™

Related development discussion:

Setting INTERNAL_OPEN_PORTS doesn’t exist as of Whonix 15.0.1.7.2.
(But that doesn’t mean you need to wait for it. Just see above.)

The current notation in the firewall scripts SOCKS_PORT_... is non-ideal, could be simplified, refactored. Having INTERNAL_OPEN_PORTS would be nicer.

Patrick · April 10, 2021, 11:36pm

Implemented.

(The diff looks nicer in meld.)

Bug Reports, Software Development and Feature Requests

offshorebats · April 11, 2021, 4:44pm

thanks, working