Using workstations as IDE interpreter

hungryman · 2017-10-18 13:02:51 UTC

Hello everybody. I appreciate whonix community.

I wanna use whonix workstation as IDE interpreter. (for making my program anonymously connect internet ).
I think the best secure way is using IDE in workstation, but IDE is too heavy to run in VM.
So, I think about the way that using IDE in host OS and using workstation as IDE interpreter.

Then I read these articles.
1.Adding a Host-Only Networking Adapter to Whonix-Workstation / SSH into Whonix-Workstation
2.SSH into Whonix-Gateway
3.SSH into Whonix-Workstation

My scheme is using SSH port fowarding, and configure IDE to use workstation as interpreter with ssh.
( SSH: host > VM1(hiding host MAC address) > VM2(workstaion) > VM3(gateway) > internet )

I made below settings by myself.
Please advise me. These settings are secure?

Host OS VM settings

Hostonly network adpeter(vboxnet0)
IP 192.168.33.1
Netmask 255.255.255.0
(DHCP Server is disabled)

VM1(hiding host MAC address)

Host only adapter(vboxnet0)
IP 192.168.33.2
Netmask 255.255.255.0

Internal Network (“SSH”)
IP 192.168.10.1
Netmask 255.255.192.0

VM2(workstaion)

Internal Network (“SSH”)
IP 192.168.10.2
Netmask 255.255.192.0

Internal Network (“Whonix”)
IP 10.152.152.50
Netmask 255.255.192.0
Gateway 10.152.152.10
DNS 10.152.152.10

VM3(Whonix gateway)

Whonix gateway default settings

hungryman · 2017-10-18 15:41:09 UTC

Sorry, I should have asked "how to make anonymous development enviroment."
or “Best practice for making anonymous development enviroment”

Because, for example, if using chrome to confirm web site design, maybe google will know website title, meta info, and so on…

My opinion, at this time, I shoud use IDE in workstation, IDE is too heave to run in VM, but … securiry is more important.

And any other development software shoud be used in workstation VM.

because if i am sleepy or i am tipsy, there is possibility that i type “curl mysite.com”…
So best practice for secure, anonymous development, make whole enviroment in workstaion VM.

About these conclusion, I need Whonix comunity advice.

entr0py · 2017-10-18 23:56:06 UTC

I’m sorry, I don’t understand your workflow. Generally speaking,

One reason for using a hypervisor is to minimize the attack surface of the host. Dropping a bloated IDE in there is probably not the best idea - even worse if it connects out…
With exception of graphics, VM should support enough ram, cpu, disk to run many development loads. If you absolutely need bare metal, you can attempt to route physical workstation through Whonix-Gateway. But this is not recommended.
If you need anonymous routing (either your IDE or your project), then the entire IDE and project should be contained in your Workstation VM.

hungryman · 2017-10-21 09:30:45 UTC

thanks entr0py, your opinion are very helpful.

And I’m sorry for that my workflow and purpose are unclear.
I think, first of all, I need to make my workflow, then what I need become clear.