General task: route traffic through a nym->tor chain. Ubuntu 20.04, Qubes 4.0, kernel 5.4.88-1.
Subtask: route all the VM traffic to a local port with a socks5 proxy to use it as a network VM.
Which iptables rules should I deploy? I’ve found this article, but I don’t know how compatible it is with a Qubes VM (and actually I never did anything with iptables). Has anyone done something like this?
My current iptables chains:
```
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
QBS-FORWARD all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain QBS-FORWARD (1 references)
target prot opt source destination
```
Reason why I can’t just run nym’s socks5 on a Whonix gateway and use SOCKS5Proxy in torrc: nym’s client requires libc 2.29+ and whonix gw-15 has only 2.28 (since it is based on Debian stable). Manually upgrading libc is strongly advised against since it’s a core system part (also that’s probably too nerdy and time-consuming/bug-generating).
A new Debian stable will be released in a month (I guess), so we’ll see a new Whonix version too in some time.