option to bind target port to 0.0.0.0 #553

Closed
opened 2022-10-14 21:08:34 +00:00 by nyxnor · 4 comments
Contributor

System: Whonix

tcp        0      0 127.0.0.1:26726         0.0.0.0:*               LISTEN      716757/cwtch        
tcp        0      0 127.0.0.1:25712         0.0.0.0:*               LISTEN      716757/cwtch

Cwtch binds to 127.0.0.1:RAND
For services to be reacheable, the Workstation needs to set the service to bind to 0.0.0.0, so it can listen on the internal network interface Qubes IP or 10.152.152.11 for Whonix KVM or Virtual Box. If Cwtch binds to 0.0.0.0, then we don't need to worry about the correct ip, as it will be reacheable on all interfaces. This is not a problem for whonix as it is firewalled and only connected to the Gateway that routes everything through tor.

I understand the reason Cwtch binds to 127.0.0.1 for normal systems, but for Whonix it won't work. Bitcoind for example defaults to 127.0.0.1 and we have to manually edit the bitcoin.conf to set 0.0.0.0. But for Cwtch there is no conf.

Can a UI configuration option be added to bind the listening address to all interfaces, or an option to set the interface to bind to? This would be very useful for systems that are firewalled and use internal network interfaces.

Author
Contributor

https://git.openprivacy.ca/openprivacy/bine/src/commit/5996d426c1ac17fb6c9ba87177fab51a0ca53233/tor/listen.go#L129

	// Create the local listener if necessary
	svc.LocalListener = conf.LocalListener
	if svc.LocalListener == nil {
		if svc.LocalListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(conf.LocalPort)); err != nil {
			return nil, err
		}
	}

To clarify the first post, the only thing I am asking is to make 127.0.0.1 a variable so it can have other values. I know this will require some changes on the UI, so it may take some time.


Anyway, loving the UI so far. It is the best chat client I've ever used, and I am not talking only about private open-source messengers but about chat clients in general; it has made the experience so nice that I hope in the future I can tell normies to use it without requiring a cell phone, unlike Signal.

Author
Contributor

Some Whonix documentation for more detailed information.

https://github.com/Kicksecure/proposals/blob/master/635-listen-port-convention.txt

https://www.whonix.org/wiki/Dev/Project_friendly_applications_best_practices#Listen_Interface

So as per the Whonix recommendation, it doesn't even need a UI config, which would require more code changes; instead, detecting Whonix and setting the correct binding interface seems more practical for the Cwtch developers.

Python example:

    import os

    # In Whonix, listen on 0.0.0.0 instead of 127.0.0.1.
    # The marker file exists only on a Whonix-Workstation.
    if os.path.exists('/usr/share/anon-ws-base-files/workstation'):
        host = '0.0.0.0'
    else:
        host = '127.0.0.1'
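As an added example (not Cwtch's or bine's own code), the variable bind address requested two comments up combined with the Whonix marker-file detection from the Python snippet, written in Go to match the quoted listener code. `bindHost`, `listenLocal` and the marker-path parameter are this example's own names; the marker path itself is the one quoted in the thread.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"strconv"
)

// Marker file shipped by Whonix-Workstation (path quoted from the thread).
const whonixWorkstationMarker = "/usr/share/anon-ws-base-files/workstation"

// bindHost picks the listen address the way the thread proposes: loopback by
// default, all interfaces only when the Whonix workstation marker exists.
// markerPath is a parameter (this example's choice) so tests can point it at
// a temporary file instead of the real system path.
func bindHost(markerPath string) string {
	if _, err := os.Stat(markerPath); err == nil {
		// Whonix-Workstation is firewalled and only reaches the Gateway, so
		// a socket on every interface is still only reachable from Whonix.
		return "0.0.0.0"
	}
	// Any other system: keep the service loopback-only.
	return "127.0.0.1"
}

// listenLocal mirrors the quoted bine listener creation with the host made a
// variable instead of the hard-coded "127.0.0.1". Port 0 asks the kernel for a
// free random port, like the RAND port in the netstat output above.
func listenLocal(host string, port int) (net.Listener, error) {
	if net.ParseIP(host) == nil {
		return nil, errors.New("bind host must be an IP address, got " + host)
	}
	return net.Listen("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
}

func main() {
	host := bindHost(whonixWorkstationMarker)
	ln, err := listenLocal(host, 0)
	if err != nil {
		fmt.Println("listen failed:", err)
		return
	}
	defer ln.Close()
	fmt.Println("listening on", ln.Addr().String())
}
```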
sarah added the cwtch-beta-1.10 label 2022-10-20 18:57:23 +00:00
sarah added this to the Cwtch Beta (In Progress) project 2022-10-20 18:57:30 +00:00
sarah added the bugbash label 2022-10-22 15:56:34 +00:00
sarah removed the cwtch-beta-1.10 label 2022-11-22 21:06:55 +00:00
sarah added the whonix label 2023-03-29 19:33:02 +00:00
sarah added the stable-blocker label 2023-08-14 20:40:02 +00:00
sarah modified the project from Cwtch Beta (In Progress) to Stable Blockers 2023-08-14 20:40:22 +00:00
Owner

Implemented in: https://git.openprivacy.ca/openprivacy/connectivity/pulls/47

Initial documentation stub here: https://docs.cwtch.im/docs/platforms/whonix

Author
Contributor
Doc update: https://git.openprivacy.ca/cwtch.im/docs.cwtch.im/pulls/10
sarah closed this issue 2023-09-25 20:11:40 +00:00
Reference: cwtch.im/cwtch-ui#553