Sys-whonix tor log saying "This allows everybody on your local network to use your machine as a proxy."

[notice] You configured a non-loopback address ‘’ for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.

Is that really a bad thing? I’m trying to update Whonix, but I guess I didn’t do it right. If this problem is going to be difficult for new users to solve, I can reinstall qubes os but I need to update it again because it is important to update whonix for privacy and security :frowning: .

My answer : It’s normal.

Dev answer : Tor really listens on that IP/port. It is Whonix-Gateway ™ network interface and is only available to Whonix-Workstation ™. This restriction is enforced by an internal network with Whonix-Workstation ™(s) and because Whonix-Gateway ™ is firewalled; see /usr/bin/whonix_firewall or the Whonix ™ source code for more information.


Does this event apply to all tor relay users? I’m still learning, and I don’t know much about it. If this incident will not distinguish it from other users and will not cause a security problem, it should not be a problem for me either, but I still do not understand why such a post has come out.

And since my Tor relay connection was successful, my qube installation was successful?

I only used this code to install= sudo qubesctl state.sls qvm.anon-whonix

The whonix-qube network I installed came with sys-whonix set. I saw an article on the Whonix site that said,

Warning:** Only use Whonix-Gateway ™ ( sys-whonix ) for running Tor!

I think there might be a leak in me according to this article. When I open Whonix, the tor-relay is logged in with sys-whonix, but according to the article, the gateway needs to be used? :confused: .

Now I realize that what they call gateway is the sys-whonix :slight_smile: that has already been created.

If I got it right, that’s all I’m worried about;

This allows everybody on your local network to use your machine as a proxy.

Yes as long as the netvm is sys-whonix.

If you haven’t occur any error, you should fine, but if you want, you can reinstall whonix gw and ws template, then use salt to build qube.

It’s right command, have you seen any fail return marked as red colour?

Have you configure something in both whonix ws and gw template? if none, default are fine.

It’s how qubes work, qubes use proxy everywhere.

when you run anon-whonix state, you actually run a full build of whonix in default :

  • template whonix gw
  • template whonix ws
  • domain anon whonix > using ws
  • domain whonix dvm > using ws
  • service sys-whonix > using gw

and you should consider that :

Using DispVMs for both the Whonix ™ Gateway and Workstation in Qubes R4 does not increase security without any corresponding privacy downside, for the following reasons: [17] [18] [19]

  • DispVMs are not amnesic. In practice this means traces of their activity can be left on storage or in memory, making them vulnerable to forensic operations. [20]

  • Using a DispVM for the Whonix-Gateway ™ results in non-persistent entry guards to the Tor network; behavior unlike the default configurations for Whonix ™, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are more likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months. [21] [22]

  • The solution to the first problem is only allowing in-RAM execution of DisposableVMs[archive], but this is not planned for implementation in the short-term. There is no perfect solution to the second problem. That said, there is an actual unstated security-privacy trade-off by running this configuration. Theoretically, an ephemeral Whonix-Gateway ™ ProxyVM is only able to be infected for a single session (via the /home , /usr/local and /rw directories), since it is discarded upon shutdown. This provides a counterbalance to the increased threat of malicious guards, as Whonix ™ becomes more “Tails-like”

1 Like

If I can get a history of the command. I can show you the right printout, but I don’t know how to get it. I’ve only seen some whonix words, versions, etc.
I learn;
the ID address of the code I typed after typing “history” in the terminal "! (number of command) "and he gave me the printout;
Succeeded: 13
Failed : 0


So it’s not about tor relay. There’s nothing wrong with security?

Yes, these have been installed default.

Do not start Tor Browser in the whonix-ws TemplateVM or whonix-ws-dvm DisposableVM-TemplateVM! It is unexpected behavior and dangerous.

What qube do I need to use to start the Tor browser? Anon-whonix?

Yes, but just for “legit” site or you sure that there’s no malware or malicious script there.
for random site use dvm.

1 Like

This feedback may be more relevant at the whonix forums:

Or even reported as a whonix bug with the whonix project.

I saw this;

and this;

Develepor says for last article log;

The log contains nothing interesting.

I guess this is a normal log? What do you think of these articles?