Route all LAN traffic through physical Whonix gateway

I want to offer a couple of friends the ability to host their Tor sites at my house because I have a 10G WAN. I have the following situation: I want to have a physical Whonix gateway, a Linux router, a KVM hypervisor, and their VMs. My thinking is, even if they do something stupid and one of the VMs is hacked and there is some crazy unknown zero-day and they take over the hypervisor, could they route to the clearnet and thus dox me? In my opinion they shouldn’t be able to do that because all the traffic is routed through Whonix. Is that correct or am I wrong? And if I’m wrong, please explain how to prevent it and what I am missing.


I went over the documentation; it didn’t make me feel that I’m correct, thus the question and thus the expectation of an answer.

The routing may be bulletproof, but exploitation of security vulnerabilities is possible. Nothing is perfectly safe. It is usually a bad idea to host onions for third parties. A lot of public high-profile onions and onion hosts for random people have been busted.
