The gateway has a lot of ports open

Running nmap 127.0.0.1 on the gateway shows all the open ports.

The output is

PORT     STATE SERVICE
9050/tcp open  tor-socks
9100/tcp open  jetdirect
9101/tcp open  jetdirect
9102/tcp open  jetdirect
9103/tcp open  jetdirect
9110/tcp open  unknown
9111/tcp open  DragonIDSConsole
9200/tcp open  wap-wsp
9207/tcp open  wap-vcal-s
9220/tcp open  unknown

Why are there so many ports open? What are they used for? They should be closed if not in use.

A lot of references can be found by grepping the Whonix source code.

Dev/git - Kicksecure

You can find most ports here:

And for any unknown ports still, please grep Whonix source code.

Thanks! All the ports were in the file you linked.

In theory - we could save some Whonix-Gateway RAM by using a mechanism similar to GitHub - Whonix/anon-ws-disable-stacked-tor / Dev/anon-ws-disable-stacked-tor - Whonix using systemd-socket-proxyd (systemd listens with a stub port and starts the actual service on demand) but this clashes with Tor, which has:

  • usually just one global config file
  • usually only one Tor ControlPort
  • usually only one Tor state folder (which contains Tor entry guards)

Does Whonix-Gateway use less RAM with fewer ports opened by Tor?

If there is something to it, we could perhaps auto-generate the Tor config and add ports to Tor’s config only on demand (when an application tries to use them) and then sudo systemctl reload tor@default after the config update.

Or if we want to follow Tor Entry Guards - Whonix we could start a new Tor instance per application on demand. Still wouldn’t know how to handle the Tor ControlPort in that case. Perhaps only ControlPort for applications where we know these are going to use it.

[Any disk space issues with that due to multiple Tor state folders? ~ 7 MB per Tor data folder.]

I doubt having a few more ports open would increase RAM noticeably. Unless those ports could be used to connect to the Gateway and be used for malicious purposes, the advantages would be slim.
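
An added example, not part of the thread or of Whonix's own code: without -sV, nmap's SERVICE column is only a lookup of the port number, so "jetdirect" or "DragonIDSConsole" says nothing about what is really listening. The script below reconciles a shortened copy of the listing above with a torrc; the torrc text is a constructed sample, and the function names are hypothetical.

```python
import re

# Shortened copy of the nmap listing quoted in the thread.
NMAP_OUTPUT = """\
PORT     STATE SERVICE
9050/tcp open  tor-socks
9100/tcp open  jetdirect
9111/tcp open  DragonIDSConsole
9220/tcp open  unknown
"""

# Constructed torrc-style sample (assumption), NOT the real Whonix config.
TORRC_SAMPLE = """\
SocksPort 127.0.0.1:9050
SocksPort 127.0.0.1:9100 IsolateDestAddr
SocksPort 9111
#SocksPort 127.0.0.1:9220
SocksPort unix:/run/tor/socks
"""

# Tor options that open a local listener (HiddenServicePort does not).
LISTENERS = {"socksport", "transport", "dnsport", "controlport",
             "httptunnelport", "natdport"}

def configured_ports(torrc_text):
    """Return {port: option} for every numeric listener port in a torrc."""
    ports = {}
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2 or fields[0].lower() not in LISTENERS:
            continue
        value = fields[1]
        if value.startswith("unix:"):           # unix socket, no TCP port
            continue
        port = value.rsplit(":", 1)[-1]         # "addr:port", "[v6]:port", "port"
        if port.isdigit() and int(port) > 0:    # skips "0" (off) and "auto"
            ports[int(port)] = fields[0]
    return ports

def open_tcp_ports(nmap_text):
    """Return {port: nmap's service guess} for each open TCP port."""
    rows = re.finditer(r"^(\d+)/tcp\s+open\s+(\S+)", nmap_text, re.MULTILINE)
    return {int(m.group(1)): m.group(2) for m in rows}

def reconcile(nmap_text, torrc_text):
    """Map each open port to (nmap guess, torrc option or 'UNEXPLAINED')."""
    cfg = configured_ports(torrc_text)
    return {port: (guess, cfg.get(port, "UNEXPLAINED"))
            for port, guess in sorted(open_tcp_ports(nmap_text).items())}

if __name__ == "__main__":
    for port, (guess, source) in reconcile(NMAP_OUTPUT, TORRC_SAMPLE).items():
        print(f"{port:>5}  nmap guess: {guess:<18} config: {source}")
```

On a live gateway, ss -tlnp run as root shows the owning process for each listener, which settles any port the config does not explain.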