I created a ProxyVM called sys-i2p and installed i2pd inside its TemplateVM. The I2P proxy is running inside the sys-i2p VM at 127.0.0.1:4444.
I can’t seem to figure out how to redirect traffic to the proxy.
Any help will be much appreciated.
I am also interested in alternate networking.
I was able once to get garlic routing working in Ice Raven browser.
Does anyone know about mixnode networking like Nym, or about Yggdrasil, or Freenet? It would be cool to make a sys qube for every alternate networking schemata.
Do you mean assign sys-i2p that provides network to another qube? Go to qube settings and designate it as the network for that qube.
First, you need to have i2p listening on the network interface used by other qubes and not only on 127.0.0.1 which will be unreachable.
Secondly, I have no idea if it’s possible to redirect the traffic to the i2p proxy because of protocol mismatch. I2P isn’t a VPN per se, it offers a proxy to the I2P network, you can’t redirect an HTTPS connection to the I2P proxy and expect it to work. However, a global setting setting HTTP_PROXY to sys-i2p IP on port 4444 may work.
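A way to check the first point above from inside sys-i2p, as an added example that is not part of the original thread: the function classifies how a TCP port is bound by reading `ss -ltnH` output. The sample lines and the 10.137.0.20 address are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltnH` output on stdin.
# Prints: none | loopback-only | non-loopback
# Live use inside the proxy qube:  ss -ltnH | bind_scope 4444
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                           # local address:port column
            if (!match(la, /:[0-9]+$/)) next
            p = substr(la, RSTART + 1)
            if (p != port) next               # exact port match (14444 != 4444)
            addr = substr(la, 1, RSTART - 1)
            gsub(/^\[|\]$/, "", addr)         # strip IPv6 brackets
            sub(/%.*$/, "", addr)             # strip interface scope, e.g. %lo
            found = 1
            if (addr !~ /^127\./ && addr != "::1") open = 1
        }
        END {
            if (!found)    print "none"
            else if (open) print "non-loopback"
            else           print "loopback-only"
        }'
}

# Constructed samples (not captured from a real system).
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:14444 0.0.0.0:*'
SAMPLE_LOOPBACK6='LISTEN 0 4096 [::1]:4444 [::]:*'
SAMPLE_ADDR='LISTEN 0 4096 10.137.0.20:4444 0.0.0.0:*'
SAMPLE_ANY='LISTEN 0 4096 0.0.0.0:4444 0.0.0.0:*'

# Demo: the situation described in the first post reports loopback-only,
# which is why other qubes cannot reach the proxy.
printf '%s\n' "$SAMPLE_LOOPBACK" | bind_scope 4444
printf '%s\n' "$SAMPLE_ADDR"     | bind_scope 4444
```

A `non-loopback` result only means the listener is not confined to 127.0.0.1; the qube's firewall rules still decide whether other qubes can connect to it.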
Just my five cents… as I haven’t spent time on that topic: I would suggest searching for "set up transparent proxy" with a search engine of your choice. A search might deliver articles like this:
https://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
Instead of a squid-proxy you would use your i2p-proxy/gateway or whatever. Also, you might want to take a look at the whonix-gw that Qubes OS provides:
root@host:~# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x17
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
DROP all -f 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5300
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9040
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9051
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9050
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9100
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9101
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9102
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9103
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9104
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9105
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9106
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9107
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9108
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9109
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9111
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9114
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9115
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9117
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9118
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9122
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9123
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9124
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9125
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9150
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 9152:9189
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-admin-prohibited
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8082
ACCEPT udp -- 0.0.0.0/0 127.0.0.1 owner UID match 999 ctstate NEW udp dpt:5400
ACCEPT tcp -- 0.0.0.0/0 127.0.0.1 owner UID match 999 ctstate NEW tcp dpt:9041
REJECT all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID reject-with icmp-admin-prohibited
REJECT all -- 0.0.0.0/0 0.0.0.0/0 state INVALID reject-with icmp-admin-prohibited
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x17 reject-with icmp-admin-prohibited
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 reject-with icmp-admin-prohibited
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 reject-with icmp-admin-prohibited
REJECT all -f 0.0.0.0/0 0.0.0.0/0 reject-with icmp-admin-prohibited
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F reject-with icmp-admin-prohibited
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 reject-with icmp-admin-prohibited
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 108
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 106
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 105
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-admin-prohibited
mangle is empty, nat is even more crowded (sudo iptables -L -n -t nat).