I know that this is a bit off-topic, but I think that it can be of interest for Whonix users. Feel free to close the topic if you think otherwise.
So I have been playing around with iptables and VM networking and I was able to forward traffic from a proxy/gateway VM to another VM with these kinds of rules:
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
For VPN configuration, I just replace “enp0s3” with “tun0”:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp0s8 -o tun0 -j ACCEPT
However, this setting requires IP forwarding in order to work:
echo 1 > /proc/sys/net/ipv4/ip_forward
How does the Whonix Gateway achieve this without IP forwarding? Is it Tor related? Or is there something else that I am missing?
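
Added example, not part of the original post: the tun0 rules above only add ACCEPT entries, so whether traffic from enp0s8 can be forwarded out of another interface depends on the FORWARD chain policy. The sketch below audits `iptables-save` output for that fail-open case; the function name `audit_forward` and both rulesets are constructed for illustration.

```shell
# Added example: audit `iptables-save` output for a fail-open VPN gateway.
# Simplification: negated matches ("! -i ...") are not interpreted.
audit_forward() {   # usage: audit_forward LAN_IF VPN_IF < ruleset
    awk -v lan="$1" -v vpn="$2" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            inif = ""; outif = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-o") outif = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # ACCEPT for LAN traffic leaving through anything but the VPN
            if (target == "ACCEPT" && (inif == lan || inif == "") &&
                outif != vpn && outif != lan) {
                print "LEAK-RULE: " $0; bad = 1
            }
        }
        END {
            if (policy != "DROP") {
                print "FAIL-OPEN: FORWARD policy is " policy; bad = 1
            }
            if (!bad) print "OK: forwarding confined to " vpn
            exit bad + 0
        }'
}

# Constructed sample: the VPN rules from the post on a default ruleset.
RULES_POST='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp0s8 -o tun0 -j ACCEPT
COMMIT'
# Constructed sample: the same rules with the chain policy set to DROP.
RULES_DROP=$(printf '%s\n' "$RULES_POST" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

printf '%s\n' "$RULES_POST" | audit_forward enp0s8 tun0 || true
printf '%s\n' "$RULES_DROP" | audit_forward enp0s8 tun0
```

On a live gateway the same function can be fed with `sudo iptables-save | audit_forward enp0s8 tun0`.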