{{Header}}
{{title|
title=Access {{project_name_gateway_long}} Ports from the Host
}}
{{#seo:
|description=Access {{project_name_gateway_short}} Port From Host (Esoteric Documentation)
|image=Accessgateway.jpg
}}
[[image:Accessgateway.jpg|thumb]]
{{intro|
Access {{project_name_gateway_short}} Port From Host (Esoteric Documentation)
}}
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = This is very esoteric and you probably do not need it! Advanced users only!
}}
= Access {{project_name_gateway_short}} Port From Host =
'''Not tested since {{project_name_long}} 0.5.6. May or may not work. Might need changes for later versions.'''

== Example: Make port 9050 accessible from the host. ==
=== Host Setup ===
On the host, in the {{project_name_gateway_short}} VM network settings, set up port forwarding: within the <code>Adapter 1</code> tab click <code>Advanced</code> → then <code>Port Forwarding</code> → insert a new rule as follows.

* Name: 9050
* Protocol: TCP
* Host IP: 127.0.0.1
* Host Port: 9050
* Guest IP: leave blank
* Guest Port: 9050
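
Added example (not part of the original page or the project's own tooling): the Host IP field decides which host interface VirtualBox binds, so a rule with a blank Host IP instead of 127.0.0.1 would offer the port on every interface. The function below audits existing rules, assuming the <code>Forwarding(N)="name,protocol,host IP,host port,guest IP,guest port"</code> lines printed by <code>VBoxManage showvminfo --machinereadable</code>; the VM name and the second rule in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag VirtualBox NAT port-forwarding rules not bound to loopback.
# Real use (VM name is a placeholder):
#   VBoxManage showvminfo "<gateway VM name>" --machinereadable | audit_natpf
# Field order matches --natpf1: name,protocol,host IP,host port,guest IP,guest port.

audit_natpf() {
    awk '
        BEGIN { bad = 0 }
        /^Forwarding\([0-9]+\)=/ {
            rule = $0
            sub(/^[^"]*"/, "", rule)    # strip leading  Forwarding(N)="
            sub(/"[^"]*$/, "", rule)    # strip the closing quote
            n = split(rule, f, ",")
            if (n != 6) {               # unexpected layout: report, do not guess
                printf "MALFORMED %s\n", rule
                bad = 1
                next
            }
            hostip = f[3]
            if (hostip ~ /^127\./ || hostip == "::1") {
                status = "OK"
            } else {
                # Blank host IP means VirtualBox listens on all host interfaces.
                if (hostip == "") hostip = "*"
                status = "EXPOSED"
                bad = 1
            }
            printf "%s %s %s %s:%s -> guest:%s\n", status, f[1], f[2], hostip, f[4], f[6]
        }
        END { exit bad }                # non-zero when any rule needs attention
    '
}

# Constructed sample input: the rule from this page plus a rule with a blank Host IP.
SAMPLE='name="example-gateway-vm"
natnet1="nat"
Forwarding(0)="9050,tcp,127.0.0.1,9050,,9050"
Forwarding(1)="socks-open,tcp,,9150,,9150"'

printf '%s\n' "$SAMPLE" | audit_natpf ||
    echo "At least one forwarding rule is not bound to a loopback address."
```
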

The same rule can be created from the command line. You might have to adjust the name of your Whonix-Gateway.

Xfce:

{{CodeSelect|code=
VBoxManage modifyvm "{{project_name_gateway_short}}-Xfce" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}

CLI:

{{CodeSelect|code=
VBoxManage modifyvm "{{project_name_gateway_short}}-CLI" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}

=== {{project_name_gateway_short}} Setup ===
Inside {{project_name_gateway_short}}...

IP <code>10.0.2.15</code> is usually obtained from VirtualBox's DHCP server. Hopefully this always works; otherwise you have to adjust the IP, or edit the network config and use a static virtual LAN IP. ([[Template:Network_Config]])

{{Open /usr/local/etc/torrc.d/50_user.conf}}

Add. (The second line is not strictly required, but is useful for debugging.)

{{CodeSelect|code=
+SocksPort 10.0.2.15:9050
+SocksPort 127.0.0.1:9050
}}

Save.

{{Reload_Tor}}

* https://github.com/Whonix/whonix-firewall/blob/master/etc/whonix_firewall.d/30_whonix_gateway_default.conf
* https://forums.whonix.org/t/redirect-host-traffic-to-whonix-gateway-allow-multiple-incoming-flashproxy-ports/7448
* Look at <code>/etc/whonix_firewall.d/30_whonix_gateway_default.conf</code>.

{{Open File|filename= /etc/whonix_firewall.d/30_whonix_gateway_default.conf }}

Read information about the following configuration options.

{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}

{{Firewall_Settings}}

Add.

{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}

Save.

{{Reload_Firewall}}

== Debugging ==
Inside {{project_name_gateway_short}}...

Switch to clearnet user.

{{CodeSelect|code=
sudo -u clearnet bash
}}

{{CodeSelect|code=
cd ~
}}

Test if the port you want to make available on the host is available from inside {{project_name_workstation_long}}. (If that's not the case, something is fundamentally wrong and you need to fix this first.) The following command circumvents the [[Stream_Isolation|uwt]] curl wrapper.

{{CodeSelect|code=
UWT_DEV_PASSTHROUGH=1 curl --output - 127.0.0.1:9050
}}

It should answer <code>This is a SOCKs proxy, not an HTTP proxy.</code>

== Testing ==
On the host...

{{CodeSelect|code=
curl 127.0.0.1:9050
}}

It should answer <code>This is a SOCKs proxy, not an HTTP proxy.</code>

If you see that, it indicates that Tor, which runs inside {{project_name_gateway_short}}, is accessible on the host as well.

== Forwarding that port to LAN ==
On the host...

This is untested, but should work. You can use something like <code>socat</code>, <code>systemd-socket-proxyd</code> or [[SSH]] port forwarding to redirect that port <code>127.0.0.1:9050</code> to a different network interface. Otherwise you could experiment with the {{project_name_gateway_short}} VM network settings.

= See Also =
* [[Host_a_Bridge_or_Tor_Relay|Hosting a (private) (obfuscated) bridge or (exit) relay]]
* [[Ports]]
* [[Access Workstation Port From Host|Access {{project_name_workstation_short}} Ports from the Host]]

{{Footer}}
[[Category:Documentation]]