
Port forward whonix and use dns?


#1

Hi again!
I would love to know if you have to port forward a port when using Whonix. If you are hosting a website, I usually have to port forward port 443, but do I have to do this when using Whonix? If yes, how am I supposed to do this?

Can I use dynamic DNS with Whonix, like pointing the domain name to the IP given by Tor/Whonix?

Thanks!!

#2



#3

Could you maybe simplify this a little? Like a pretty straight guide of how to do it? Thanks buddy


#4

You cannot have a dyndns style public IP of a Tor exit and then have other normal internet users (clearnet users) access it. Close to that are only workarounds such as pagekite or VPN with Remote Port Forwarding.

The other option is Tor Hidden Services but then you get an onion domain and only Tor [and tor2web] users can access it.


#5

Hmm, okay. But is there any way to set up something that you could ping and then receive the current IP address assigned to that “something”, like a persistent connection? So that I could use Whonix when sending data between my one server located in another country and my home PC. I have installed a connector file on my server which should somehow get my current Whonix IP and then connect to my home PC (which should use something like Whonix) from that… I really hope you get me here but otherwise, please ask.

Thanks!


#6

The Tor exit IP (“current Whonix IP”) can be figured out, but it’s dynamic (and you shouldn’t tamper with that). So it’s worthless for your purposes. The Tor exit servers won’t let you open a port on their IPs for unsolicited incoming connections.

You can connect a client to a server using Tor hidden services. The server will have a stable domain name. For example Whonix has http://kkkkkkkkkk63ava6.onion (reachable by Tor users only).


#7

Wow… So there is no way of achieving what I want in a way that would make me just as anonymous as when using Whonix? Thought I was close to my goal. Anyway, thanks!


#8

No.

Multiple ways have been presented.

For one, why wouldn’t Tor hidden services work for you?


#9

Maybe it does, you can probably confirm that - I have a PHP file on my server (where I cannot install extra software but have all the standard OS commands and can run scripts like Python, PHP, Perl etc.). Those files should check whether the listener on my home computer is up, so they have to know the current IP I am at from my home. As I said, I cannot install Tor on the server, and from what I have read just before, the server would then need a Tor browser to communicate with my Whonix IP, right? I would love to know your thoughts on this. I REALLY appreciate your time!!

Update: Plus yeah, the server should be able to connect to the listener on my home PC of course


#10

Then you can use a server to server connection. From the limited remote server to a home server.

The home server running Whonix-Gateway and Whonix-Workstation. In the workstation you can use pagekite or a VPN with remote port forwarding. These provide a stable clearnet IP (and optionally you could add some [dyn]dns service).

The limited remote server can connect to the pagekite or VPN IP which terminates inside the workstation. Anonymously. Challenges here are anonymously registering for pagekite or a VPN with remote port forwarding.


#11

Thank you!! I am currently checking both some VPNs and what pagekite actually is… In the meanwhile, can you tell me if pagekite is available on WAN, like outside your own network? Because in all the examples on websites, they use something like this code:

defaults -backend=http:YOURNAME:localhost:80:SECRET - http://www.techrepublic.com/blog/diy-it-guy/diy-pagekite-allows-you-to-host-a-site-from-your-desktop/

And they are all using port 80 on localhost but what I want is… actually I do not know what IP I should use instead of localhost AND if I can just replace 80 with whatever port I want, such as 3322 maybe.

I cannot find any examples where they set it up for outside their LAN, could you confirm if this is only for LAN or also for WAN? Thanks!

I have also looked at this page: https://pagekite.net/wiki/Howto/PageKiteOverTor/
But again, I do not know how I should set up pagekite for achieving my goal

Update:
Won’t this do the trick then:

[quote]
Flying kites - Apache, nginx, …
Assuming you have a web server (for example Apache or Nginx) running on port 80 on your local machine, the following command will make it publicly visible:
$ pagekite.py 80 foo.pagekite.me
This will connect your localhost:80 web server to the publicly visible http://foo.pagekite.me/. More importantly, it will also allow you to use SSL/TLS encryption on https://foo.pagekite.me/. We recommend using the encrypted versions whenever possible!
You can replace 80 with other port numbers (3000 and 8000 are common values for web development).
[/quote]https://pagekite.net/support/quickstart/
But am I supposed to replace the “http://foo.pagekite.me/” with the IP on the workstation or?


#12

Imagine Whonix-Workstation like a usual desktop computer behind a common end-user NAT router device.

pagekite:
I’d check first if you will be able to anonymously obtain it (qualify for free service or anonymously pay) - https://pagekite.net/signup/?more=bw

I don’t think you need pagekite over Tor instructions. You can just use any regular pagekite howto / example and adjust that.

https://pagekite.net/support/quickstart/

That’s the whole point of it. Running servers in environments where you cannot open a port such as behind NAT.

No issue here. The backend server runs on localhost indeed.

localhost…

Any port works.

The server will be reachable through username.pagekite.net or so.

No. foo gets replaced with your pagekite user name.

Pagekite works. I tested it a few years ago. And I don’t think anything in pagekite changed in the meanwhile that would break its basic functionality.


#13

WOW THANK YOU! Anyway, I started my pagekite using this command:

pagekite.py 3333 myname.pagekite.me

And then I checked if the port was open by making a script that would check if the connection “myname.pagekite.me:3333” is available, but it always says that the connection is rejected, which means that it cannot reach it…
When I am checking “myname.pagekite.me:80” instead, it always returns true even when my workstation, where I started the pagekite from, is turned off?

Do you have any idea why this is happening?

Thanks!


#14

Did you verify you can reach the server locally? How?

nc 127.0.0.1 3333

Did you try making pagekite work with something simpler first? With a web server? With a pagekite example howto? Try that first before trying your own server.


#15

Uhhh the command

nc 127.0.0.1 3333

also said “connection refused”… Now what?

Btw. after starting the pagekite with the port 3333, it ends up saying “flying localhost:3333 as https://myname.pagekite.me/”, so that seems to be fine


#16

npme:

[quote]
Uhhh the command

nc 127.0.0.1 3333

also said “connection refused”… Now what?
[/quote]

Fix your server software. That should be unrelated to Whonix, meaning that would most likely happen on any Linux distribution.

[quote]
Btw. after starting the pagekite with the port 3333, it ends up saying “flying localhost:3333 as https://myname.pagekite.me/”, so that seems to be fine
[/quote]

That’s fine indeed.


#17

What do you mean? I am doing this from my Whonix-Workstation and I have nothing installed yet, such as a server software? Or are you talking about things like Apache?


#18

The script you want to be reachable from within 3333. That’s called a server, right?

What do you expect to reply on localhost 3333? … a server.


Did you try making pagekite work with something simpler first? With a web server? With a pagekite example howto? Try that first before trying your own server.


#19

Thanks man, I really appreciate your time! I will test some more then


#20

Okay, so I just found out that it works perfectly when using pagekite for a web server with apache2, and I also found out that the reason for [quote=“nichlaspro, post:13, topic:3325”]
When I am checking “myname.pagekite.me:80” instead, it always returns true even when my workstation, where I started the pagekite from, is turned off?
[/quote]
is that even when the pagekite is not started, there is technically still a connection because it just shows the “Temporarily Unavailable” info on the site… Anyway, now I know it works with a web server but I do not really care about content - I just want other computers to see whether a port from my workstation is up or down (which is where pagekite probably could help), and port 80 would actually always be open when using pagekite, right? What are your thoughts on this one?
Thanks!
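
Added example, not code from any poster in this thread: an up/down check that tells apart the three results seen above, namely connection refused (nothing listening, as with nc on 3333), a relay front end answering with a placeholder page, and the backend itself answering. The `/health` path, the token value, the helper names and the 503 status of the stub are assumptions made for the example; the local stubs stand in for the relay and the home listener so it runs offline.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical path and constructed token: the home listener answers GET /health with it.
HEALTH_PATH, EXPECTED_TOKEN = "/health", "listener-ok-7f3a"

def check_listener(host, port, use_tls=False, timeout=5.0):
    """Return 'refused', 'unreachable', 'relay-only' or 'up'."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("GET", HEALTH_PATH, headers={"Connection": "close"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace").strip()
    except ConnectionRefusedError:      # nothing listening (the nc result on 3333)
        return "refused"
    except (OSError, http.client.HTTPException):  # timeout, DNS, bad reply
        return "unreachable"
    finally:
        conn.close()
    # Connecting proves only that something answered; the token proves the backend did.
    return "up" if resp.status == 200 and body == EXPECTED_TOKEN else "relay-only"

def start_stub(status, body):
    """Constructed local stand-in for the relay front end or the listener."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            data = body.encode()
            self.send_response(status)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):   # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]

def demo():
    with socket.socket() as s:          # grab a free port, then release it
        s.bind(("127.0.0.1", 0))
        closed = s.getsockname()[1]
    relay = start_stub(503, "Temporarily Unavailable")  # status code assumed
    listener = start_stub(200, EXPECTED_TOKEN)
    return [check_listener("127.0.0.1", p) for p in (closed, relay, listener)]

if __name__ == "__main__":
    print(demo())
```

Against a real kite the call would be `check_listener("myname.pagekite.me", 443, use_tls=True)`, with the home listener serving the token at the health path.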