As a fan of Freenet due to its decentralization and anonymity and an user of Qubes OS, I wanted to combine these two to achieve better security. Specifically, my goal is to make it work like Whonix, splitting it into a “Freenet Gateway” and “Freenet Workstation”, with the latter not being able to connect to other places except the gateway.

Steps

  1. Create a firewallVm as the gateway, with the Freenet software installed on it.
  2. Create an appVm that uses the gateway as its firewallVm. This will act as the workstation.
  3. Right click the workstation entry in the VM manager, click “VM Settings”, and take note of the “IP” and “Gateway” address. These will be referred to as [IP] and [GATEWAY] respectively in the following steps.
  4. Navigate to the “Firewall rules” tab in the workstation settings, choose “Deny network access except…”, and untick all three boxes on the right.
  5. In the webUI of Freenet (on the gateway), navigate to “Configuration -> Web Interface”
  6. Change “IP address to bind to” to [GATEWAY]
  7. Change “Hostnames or IP addresses that are allowed to connect to the web interface” to 127.0.0.1,[IP],[GATEWAY].
  8. Change “Hosts having a full access to the Freenet web interface” to 127.0.0.1,[GATEWAY].
  9. In the gateway, add the following in /rw/config/qubes-firewall-user-script and run sudo chmod +x /rw/config/qubes-firewall-user-script:
    iptables -I INPUT -s [GATEWAY]/8 -d [GATEWAY] -p tcp --dport 8888 -j ACCEPT
    
  10. Reboot the gateway

This way, Freenet can be accessed in the workstation VM at http://[GATEWAY]:8888/.