{{Header}}
{{title|
title=Access {{project_name_gateway_long}} Ports from the Host
}}
{{#seo:
|description=Access {{project_name_gateway_short}} Port From Host (Esoteric Documentation)
|image=Accessgateway.jpg
}}
{{complex_networking_mininav}}
[[File:Accessgateway.jpg|thumb]]
{{intro|
Access {{project_name_gateway_short}} Port From Host (Esoteric Documentation)
}}
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = This is very esoteric and you probably do not need it! Advanced users only!
}}
= Access {{project_name_gateway_short}} Port From Host =
'''Not tested since {{project_name_long}} 0.5.6. May or may not work. Might need changes for later versions.'''
== Example: Make port 9050 accessible from the host. ==
=== Host Setup ===
On the host.
In the {{project_name_gateway_short}} VM network settings. → Set up Port Forwarding: → within the Adapter 1 tab click Advanced → then Port Forwarding → Insert a new rule as follows.
Name: 9050
Protocol: TCP
Host IP: 127.0.0.1
Host Port: 9050
Guest IP: leave blank
Guest Port: 9050
Or the same as command line. You might have to adjust the name of your Whonix-Gateway.
Xfce:
{{CodeSelect|code=
VBoxManage modifyvm "{{project_name_gateway_short}}-Xfce" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}
CLI:
{{CodeSelect|code=
VBoxManage modifyvm "{{project_name_gateway_short}}-CLI" --natpf1 "9050",tcp,127.0.0.1,9050,,9050
}}
=== {{project_name_gateway_short}} Setup ===
Inside {{project_name_gateway_short}}...
IP 10.0.2.15 is usually obtained from VirtualBox's DHCP server. Hope this always works, otherwise you have to adjust the IP or edit the network config. And use a static virtual LAN IP. ([[Template:Network_Config]])
{{Open /usr/local/etc/torrc.d/50_user.conf}}
Add. (The second line is not strictly required, useful for debugging.)
{{CodeSelect|code=
+SocksPort 10.0.2.15:9050
+SocksPort 127.0.0.1:9050
}}
Save.
{{Reload_Tor}}
[
* https://github.com/Whonix/whonix-firewall/blob/master/etc/whonix_firewall.d/30_whonix_gateway_default.conf
* https://forums.whonix.org/t/redirect-host-traffic-to-whonix-gateway-allow-multiple-incoming-flashproxy-ports/7448
* Look at ]/etc/whonix_firewall.d/30_whonix_gateway_default.conf.
{{Open File|filename=
/etc/whonix_firewall.d/30_whonix_gateway_default.conf
}}
Read information about the following configuration options.
{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}
{{Firewall_Settings}}
Add.
{{CodeSelect|code=
EXTERNAL_OPEN_PORTS+=" 9050 "
EXTERNAL_UDP_OPEN_PORTS+=" 9050 "
}}
Save.
{{Reload_Firewall}}
== Debugging ==
Inside {{project_name_gateway_short}}...
Switch to clearnet user.
{{CodeSelect|code=
sudo -u clearnet bash
}}
{{CodeSelect|code=
cd ~
}}
Test if the port you want to make available on the host is available from inside {{project_name_workstation_long}}. (If that's not the case, something is fundamentally wrong and you need to fix this first.)
Circumventing [[Stream_Isolation|uwt]] curl wrapper.
{{CodeSelect|code=
UWT_DEV_PASSTHROUGH=1 curl --output - 127.0.0.1:9050
}}
It should answer This is a SOCKs proxy, not an HTTP proxy..
== Testing ==
On the host...
{{CodeSelect|code=
curl 127.0.0.1:9050
}}
It should answer This is a SOCKs proxy, not an HTTP proxy..
If you see that, that indicates that Tor is, which runs inside {{project_name_gateway_short}} is accessible on the host as well.
== Forwarding that port to LAN ==
On the host...
This is untested, but should work.
You can use something like socat, systemd-socket-proxyd or [[SSH]] port forwarding to redirect that port 127.0.0.1:9050 to a different network interface. Otherwise you could experiment with the {{project_name_gateway_short}} VM network settings.
= See Also =
* [[Host_a_Bridge_or_Tor_Relay|Hosting a (private) (obfuscated) bridge or (exit) relay]]
* [[Ports]]
* [[Access Workstation Port From Host|Access {{project_name_workstation_short}} Ports from the Host]]
= Footnotes =
{{Footer}}
[[Category:Documentation]]