Qubes/Whonix as an Internet Gateway for a client machine

[abr...@pm.me]

How can one route other computers on the same LAN through Qubes/Whonix Gateway to take advantage of the security features!? 

[unman]

On Sun, Apr 19, 2020 at 07:44:57PM +0000, abra00 via qubes-users wrote:
> How can one route other computers on the same LAN through Qubes/Whonix Gateway to take advantage of the security features!?

You almost certainly don't want to do this - the security features
offered by Whonix in this context are minimal - you would be far
better to install a dedicated hardened Tor gateway on some other
machine on your network.

Think of what you would need to do: open inbound traffic on the Qubes
machine to route traffic through sys-firewall and on to the downstream
side of sys-whonix, and then route it back out through the same qubes.
You almost certainly couldn't do this on the Whonix qube without voiding
the warranty.
Do you see why it is not a good idea?

[*Null* **]

Another option, depending on the machine, is add another ethernet nic or wifi dongle. Create a vm that 'provides network' and enable network manager in that vm (im calling it sys-lan here). Then assign the new nic or dongle to sys-lan.

Assign netVMs like usual sys-net>sys-firewall>sys-whonix>sys-lan

Traffic will then flow through qubes normally with sys-lan assigning ip and dns settings to whatever is on the sys-lan nic.