I’ve been playing with the idea of forcing all of the host’s network traffic through the Whonix Gateway. I am trying to use port forwarding so I can access the Gateway’s ports from my host, like the guide on the wiki.
Then I will use iptables to force all traffic through those ports. The problem is that the Whonix firewall only allows one flashproxy port. I need two. One for TCP traffic and one for DNS.
Would it be possible to add support for multiple flashproxy ports?
Interesting. Do you know how to implement an exception for programs under the libvirt user group? This way you are protecting against unintentional host traffic leaks while allowing clearnet traffic from Hardened Debian VMs or other Whonix GWs without running into Tor over Tor.
Yes, but I meant the libvirt group on the host being somehow exempted from redirection to the GW. I don’t think this change can be done on the GW, but on the host’s iptables?
I have no idea how to implement port forwarding for KVM, which is what Whonix Host will be using, or if it’s even possible. Does anyone know if it’s possible?
@madaidan I’ve been searching for the topic where you described redirecting host traffic to the GW and blocking everything else. Can’t find it. It seems there was wider interest in the same problem and it may be interesting to have.
Let me know what topic this was in and I’ll move this post.
It was the post where I asked for support for multiple flashproxy ports.
That person seemed to want to allow only Gateway traffic rather than force all traffic through the Gateway, which can be done by allowing traffic from the libvirt group and blocking all other traffic.
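To make the host-side idea discussed in this thread concrete, here is an added example (not from any poster and not Whonix project code) that generates an iptables-restore ruleset: the host's own TCP and DNS traffic is redirected to two locally forwarded Gateway ports, processes in the libvirt group are exempted so VM clearnet traffic is not pushed into Tor over Tor, and all other outbound traffic is dropped. The port numbers 9040 and 5300 and the group name are assumptions; substitute whatever your port-forwarding setup actually uses.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a host that should only
# talk to the network through ports forwarded from the Whonix Gateway.
# Assumptions (not taken from the thread): the Gateway's transparent TCP port
# is forwarded to 127.0.0.1:9040, its DNS port to 127.0.0.1:5300, and the
# processes that may reach the clearnet directly run in the "libvirt" group.
#
# Usage: gen_host_rules <tcp_redirect_port> <dns_redirect_port> <exempt_group>
gen_host_rules() {
  tcp_port="$1"; dns_port="$2"; grp="$3"
  cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# Loopback traffic and the exempt group bypass redirection entirely
-A OUTPUT -o lo -j RETURN
-A OUTPUT -m owner --gid-owner $grp -j RETURN
# DNS over UDP and TCP goes to the locally forwarded Gateway DNS port
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
-A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports $dns_port
# Every other TCP connection goes to the forwarded transparent proxy port
-A OUTPUT -p tcp -j REDIRECT --to-ports $tcp_port
COMMIT
*filter
:OUTPUT DROP [0:0]
# Redirected packets now leave via lo, so loopback is accepted; the exempt
# group and replies to already accepted inbound connections are accepted too.
# Anything else (e.g. non-DNS UDP, which Tor cannot carry) is dropped, which
# is what stops unintentional host leaks.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --gid-owner $grp -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset with the assumed defaults when run directly.
gen_host_rules "${1:-9040}" "${2:-5300}" "${3:-libvirt}"
```

Review the generated output, then load it as root with `iptables-restore` (and keep a way to undo it, such as a saved copy of the previous ruleset, before testing on a remote host).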