Whonix-Workstation: The Firewall does NOT run on my Whonix-Workstation

Meike · July 18, 2015, 9:09am

Hi there,

reading the Whonix’ s DOCS it was my understanding that the Whonix-Workstation should be “firewalled”.

On my Whonix-Workstation I run the following command and I got the following output:

user@host:~$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Therefore it seems to me that my Whonix-Workstations’ FW-ruleset is empty.

Am I right? And if so why is the FW not running? Or am I making something wrong here?

Thank you for your help
Meike

Greenwhonix · July 18, 2015, 9:28am

Whonix Workstation is “firewalled” by Whonix Gateway

Pay attention to the network settings of the Workstation virtual machine. It does not use NAT or Bridged type, it uses an internal network. So all network traffic from Workstation goes to the Gateway VM.

Meike · July 18, 2015, 10:46am

Yes, you are right, but I knew that already that the Whonix-GW and Whonix-WS are talking to eachother over the ‘internal network’, that is 10.152.152.0 /18.

But running a separated FW on the Whonix-WS as well wouldn’ t make it more safe and somehow “isolated” from the Whonix-GW?

Patrick · July 18, 2015, 10:58pm

First google search result for
whonix workstation firewall

Meike · July 19, 2015, 5:39am

This made the job.

Perfect!

Thank you indeed.