No. Absolutely not. Start thinking with the upstream defaults from https://github.com/rustybird/corridor. This has been adjusted as an additional VM. Whonix-Gateway is not connected directly to the internet, but to a corridor-Gateway instead.
sitting between WS and GW
This is not possible. This is not for what corridor is designed.
What would be possible is:
- corridor-workstation -> corridor-gateway
In such a setup it would be up to the corridor-workstation to establish its own Tor circuits. But this would come with all the disadvantages that corridor lists for itself:
Quote corridor readme:
“corridor is not a replacement for using a well-designed operating system on your client computers, like Qubes with TorVM/Whonix.”
It is a supplement.
So when Whonix comes into play too, Whonix-Gateway should establish its own Tor circuits and then have a corridor-Gateway as a safety net checking that Whonix-Gateway does not try to establish non-Tor connections.
Qubes does not have networking on the host for security reasons. (In Qubes, the host is called dom0.)
[Which is great, because then the many and diverse wifi / lan drivers do not run on the same system, in kernel mode (!), together with everything else such as private gpg keys, but in an isolated NetVM.]
[And yes, Qubes host can be updated, networking and package download is done in a VM, just package verification and installation of Qubes host updates happens on Qubes host.]
So for Qubes only two things are possible:
- sys-corridor intermediary VM sitting between GW and sys-firewall
  - sys-whonix -> sys-corridor -> sys-firewall -> sys-net -> internet
  - anon-whonix -> sys-whonix -> sys-corridor -> sys-firewall -> sys-net -> internet
- standalone, physically isolated corridor-Gateway
For Non-Qubes-Whonix, installing corridor in a VM is not that useful. More useful:
That is not how it works.
A separate firewall - corridor - running on a different system is a safety net and leak tester for Whonix-Gateway. It cannot be combined with Whonix-Gateway.
What could be done would be making Whonix’s firewall more complex. Rather than “user debian-tor on Whonix-Gateway can establish any [IPv4] connection” it could be limited to “debian-tor may connect to Tor’s current entry guard[s] or bridge[s]”. Perhaps reusing some code that corridor is using. That would not be an “additional safety net and leak tester for Whonix-Gateway”, since that would run on Whonix-Gateway.
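The last paragraph sketches a tighter gateway firewall: the debian-tor user may only reach known Tor relays or configured bridges. The following is an added example (not code from the forum post, from Whonix, or from corridor) of how such a whitelist could be derived and rendered as an nftables fragment. It assumes the standard network-status consensus `r`/`s` line layout and torrc `Bridge` lines; the consensus and torrc contents below are constructed sample data with placeholder identities, and the table name `corridor_like` is an arbitrary choice.

```python
"""
Added example: build an nftables fragment that lets only the debian-tor
user reach a whitelist of Tor relays / bridges. Sample consensus and
torrc data are constructed; relay identities are placeholders.
"""
import ipaddress
import re

# Constructed sample: two relays in network-status consensus format
# ("r nickname identity digest date time IP ORPort DirPort", followed by
# an "s" flags line). Only relayA carries the Guard flag.
SAMPLE_CONSENSUS = """\
network-status-version 3 microdesc
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 192.0.2.10 9001 9030
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 198.51.100.20 443 0
s Fast Running Valid
"""

# Constructed sample torrc with one plain and one obfs4 bridge line.
SAMPLE_TORRC = """\
UseBridges 1
Bridge 203.0.113.5:8443 0000000000000000000000000000000000000000
Bridge obfs4 203.0.113.6:9443 1111111111111111111111111111111111111111 cert=placeholder iat-mode=0
"""

# "Bridge [transport] IP:PORT ..." (IPv4 only; IPv6 bridges are not handled here)
BRIDGE_RE = re.compile(r"^\s*Bridge\s+(?:\S+\s+)?(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def relays_from_consensus(text, require_flag=None):
    """Return {(ip, port)} for every 'r' line in the consensus; if
    require_flag is given (e.g. "Guard"), keep only relays whose 's'
    line carries that flag."""
    allowed = set()
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 8:
            current = (parts[6], int(parts[7]))
            if require_flag is None:
                allowed.add(current)
        elif parts[0] == "s" and current and require_flag in parts[1:]:
            allowed.add(current)
    return allowed


def bridges_from_torrc(text):
    """Return {(ip, port)} for every IPv4 Bridge line in a torrc."""
    out = set()
    for line in text.splitlines():
        m = BRIDGE_RE.match(line)
        if m:
            ipaddress.ip_address(m.group(1))  # raises on a malformed address
            out.add((m.group(1), int(m.group(2))))
    return out


def nft_ruleset(allowed, user="debian-tor", table="corridor_like"):
    """Render an nftables table in which `user` may only open TCP
    connections to the whitelisted (ip, port) pairs; any other outbound
    packet from that user is logged and dropped. Other users are untouched."""
    if not allowed:
        raise ValueError("empty whitelist would block Tor entirely")
    elements = ", ".join(f"{ip} . {port}" for ip, port in sorted(allowed))
    return "\n".join([
        f"table inet {table} {{",
        "    set tor_endpoints {",
        "        type ipv4_addr . inet_service",
        f"        elements = {{ {elements} }}",
        "    }",
        "    chain output {",
        "        type filter hook output priority 0; policy accept;",
        f'        meta skuid "{user}" ip daddr . tcp dport @tor_endpoints accept',
        f'        meta skuid "{user}" log prefix "tor-leak: " drop',
        "    }",
        "}",
    ])


def would_allow(allowed, ip, port):
    """Offline model of the ruleset's decision for one debian-tor connection."""
    return (ip, port) in allowed


if __name__ == "__main__":
    whitelist = relays_from_consensus(SAMPLE_CONSENSUS, "Guard") | bridges_from_torrc(SAMPLE_TORRC)
    print(nft_ruleset(whitelist))
```

The whitelist only stays correct as long as it is regenerated each time Tor fetches a new consensus or the bridge configuration changes, and the directory fetches Tor needs to obtain that consensus in the first place must be permitted as well, otherwise Tor cannot bootstrap. Restricting to Guard-flagged relays is stricter than the page's "any relay" reading of corridor; dropping the `require_flag` argument yields the broader set.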