As a fan of Freenet due to its decentralization and anonymity and an user of Qubes OS, I wanted to combine these two to achieve better security. Specifically, my goal is to make it work like Whonix, splitting it into a “Freenet Gateway” and “Freenet Workstation”, with the latter not being able to connect to other places except the gateway.
- Create a firewallVm as the gateway, with the Freenet software installed on it.
- Create an appVm that uses the gateway as its firewallVm. This will act as the workstation.
- Right click the workstation entry in the VM manager, click “VM Settings”, and take note of the “IP” and “Gateway” address. These will be referred to as
[GATEWAY]respectively in the following steps.
- Navigate to the “Firewall rules” tab in the workstation settings, choose “Deny network access except…”, and untick all three boxes on the right.
- In the webUI of Freenet (on the gateway), navigate to “Configuration -> Web Interface”
- Change “IP address to bind to” to
- Change “Hostnames or IP addresses that are allowed to connect to the web interface” to
- Change “Hosts having a full access to the Freenet web interface” to
- In the gateway, add the following in
sudo chmod +x /rw/config/qubes-firewall-user-script:
iptables -I INPUT -s [GATEWAY]/8 -d [GATEWAY] -p tcp --dport 8888 -j ACCEPT
- Reboot the gateway
This way, Freenet can be accessed in the workstation VM at