Noob Question about host traffic when using whonix

Hello all,

I have a question regarding what happens to the traffic on the host Whonix is installed on. I realize that while using the Whonix Workstation and Gateway all connections are routed through Tor; however, my concern is with the host internet traffic. How would it be possible to stop all regular host internet connections from going out if I wanted no traffic to leak out of the host and ONLY enable Tor traffic from the Whonix system?

Welcome to Whonix forums and thank you for your question!

Created this wiki page just now for an answer:

Whonix doesn’t modify it. A VM can’t be changing what’s happening on the host without changes on the host itself.

Whonix networking, as delivered, uses NAT. The two machines (Gateway and Workstation) are a closed system that communicate with each other by means of the internal network. The Gateway is torified and sends those packets by NAT to your host's active interface, which is able to communicate with the outside internet. So, the Workstation is using Tor Browser, and that is all redirected to the Gateway, which sends it through Tor and NAT-forwards those packets to your host. Your host machine's interface receives the packets from the virtualizer and forwards them to the internet. Then, a response comes in to your host (from the Tor guard or bridge), which is then forwarded back to the Gateway. NAT effectively isolates the virtual machines from your host so the two cannot communicate directly with each other by default.
Since the host interface that is connected to Whonix has to be able to accept incoming and outgoing connections, there are a variety of firewall and other solutions you could explore to tighten outgoing traffic originating from the host. AppArmor profiles are one idea, as is a dedicated interface used only for Whonix. Any modifications would be done only on the host.
Here is an idea: set up an iptables ruleset with a default deny policy. Have the outgoing interface drop any connections, incoming or outgoing, that are not to or from your Tor guard or bridge. Even better, since Tor does not need DNS on the host, have your rules explicitly drop all packets in both directions to your configured DNS nameservers. Maybe set it up as a bash script that you can run before you start Whonix. Create a complementary script that returns everything to normal once you exit Whonix. Definitely possible with a little work.

Thank you to everyone who has responded to this post , the information has been very helpful.

Sounds like almost done with corridor.


@Patrick, corridor looks like an excellent possibility! I had not read about the particulars until now when I followed your links. Corridor could be a good addition to the host’s security measures.