I2P: How to redirect traffic inside NetVM?

I created a ProxyVM called sys-i2p and installed i2pd inside its TemplateVM, the I2P proxy is running inside the sys-i2p VM at

I can’t seem to figure out how to redirect traffic to the proxy.

Any help will be much appreciated.

I am also interested in alternate networking.

I was able once to get garlic routing working in Ice Raven browser.

Does anyone know about mixnode networking like Nym, or about Yggdrasil, or Freenet? It would be cool to make a sys qube for every alternate networking schemata.

Do you mean assign sys-i2p that provides network to another qube? Go to qube settings and designate it as the network for that qube.

First, you need to have i2p listening on the network interface used by other qubes and not only on which will be unreachable.

Secondly, I have no idea if it’s possible to redirect the traffic to the i2p proxy because of protocol mismatch. I2P isn’t a VPN per se, it offers a proxy to the I2P network, you can’t redirect an HTTPS connection to the I2P proxy and expect it to work. However, a global setting setting HTTP_PROXY to sys-i2p IP on port 4444 may work.

Just my five cent… as I haven’t spend time on that topic: I would suggest to look out for set up transparent proxy with a search engine of your choice. A search might deliver articles like this:

Instead of a squid-proxy you would use your i2p-proxy/gateway or whatever. Also, you might want to take a look into the whonix-gw that QubesOs provides:

root@host:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --              ctstate INVALID
DROP       all  --              state INVALID
DROP       tcp  --              tcp flags:0x3F/0x17
DROP       tcp  --              tcp flags:0x03/0x03
DROP       tcp  --              tcp flags:0x06/0x06
DROP       all  -f  
DROP       tcp  --              tcp flags:0x3F/0x3F
DROP       tcp  --              tcp flags:0x3F/0x00
ACCEPT     tcp  --              tcp dpt:8082
ACCEPT     all  --  
ACCEPT     all  --              state ESTABLISHED
DROP       icmp --  
ACCEPT     udp  --              udp dpt:5300
ACCEPT     tcp  --              tcp dpt:9040
ACCEPT     tcp  --              tcp dpt:9051
ACCEPT     tcp  --              tcp dpt:9050
ACCEPT     tcp  --              tcp dpt:9100
ACCEPT     tcp  --              tcp dpt:9101
ACCEPT     tcp  --              tcp dpt:9102
ACCEPT     tcp  --              tcp dpt:9103
ACCEPT     tcp  --              tcp dpt:9104
ACCEPT     tcp  --              tcp dpt:9105
ACCEPT     tcp  --              tcp dpt:9106
ACCEPT     tcp  --              tcp dpt:9107
ACCEPT     tcp  --              tcp dpt:9108
ACCEPT     tcp  --              tcp dpt:9109
ACCEPT     tcp  --              tcp dpt:9110
ACCEPT     tcp  --              tcp dpt:9111
ACCEPT     tcp  --              tcp dpt:9114
ACCEPT     tcp  --              tcp dpt:9115
ACCEPT     tcp  --              tcp dpt:9117
ACCEPT     tcp  --              tcp dpt:9118
ACCEPT     tcp  --              tcp dpt:9122
ACCEPT     tcp  --              tcp dpt:9123
ACCEPT     tcp  --              tcp dpt:9124
ACCEPT     tcp  --              tcp dpt:9125
ACCEPT     tcp  --              tcp dpt:9150
ACCEPT     tcp  --              multiport dports 9152:9189
DROP       all  --  

Chain FORWARD (policy DROP)
target     prot opt source               destination
REJECT     all  --              reject-with icmp-admin-prohibited

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --              tcp spt:8082
ACCEPT     udp  --              owner UID match 999 ctstate NEW udp dpt:5400
ACCEPT     tcp  --              owner UID match 999 ctstate NEW tcp dpt:9041
REJECT     all  --              ctstate INVALID reject-with icmp-admin-prohibited
REJECT     all  --              state INVALID reject-with icmp-admin-prohibited
REJECT     tcp  --              tcp flags:0x3F/0x17 reject-with icmp-admin-prohibited
REJECT     tcp  --              tcp flags:0x03/0x03 reject-with icmp-admin-prohibited
REJECT     tcp  --              tcp flags:0x06/0x06 reject-with icmp-admin-prohibited
REJECT     all  -f              reject-with icmp-admin-prohibited
REJECT     tcp  --              tcp flags:0x3F/0x3F reject-with icmp-admin-prohibited
REJECT     tcp  --              tcp flags:0x3F/0x00 reject-with icmp-admin-prohibited
ACCEPT     all  --              state ESTABLISHED
ACCEPT     all  --  
ACCEPT     all  --              owner UID match 108
ACCEPT     all  --              owner UID match 106
ACCEPT     all  --              owner UID match 105
REJECT     all  --              reject-with icmp-admin-prohibited

mangle is empty, nat is even more crowded ( sudo iptables -L -n -t nat ).