On Friday, 9 February 2018 19:02:09 UTC-5, Alex Dubois wrote: > On Friday, 9 February 2018 23:59:52 UTC, Alex Dubois wrote: > > On Friday, 9 February 2018 16:36:14 UTC, [email protected] wrote: > > > Yes, thanks for pointing out the typos. They are only mistakes in this > > > post. I use a script running in dom0 to generate pretty much everything. > > > The same script works when debian-8 is used. The interface is different > > > depending on the template > > > > I confirm I have the same issue. > > Please however note that I have another PCI NIC connected to an AppVM (My > > qubes also act as a firewall for home network) and we have no issue > > connecting outbound. > > Outbound connection as you know do not need the PRE-ROUTING rules, so also > > the problem is seen on the FORWARD rule, I suspect more the PRE-ROUTING > > rule is at fault and does not do its job. > > I'll try to dig into this, however I won't have much time this week... > > Also, could you clarify if you've tested on FirewallVM and if here again > Debian is OK and Fedora not. This might rule out issues with physical cards > (which I suspect is not the problem as PRE-ROUTING does get the packet).
Yes, if the template on sys-net is changed to Debian-8, but sys-firewall (FirewallVM) is left with fedora... sys-net does send the packet to sys-firewall, which then appears the same way... PREROUTING sees it, but FORWARD does not. Thanks. P.S. Debian-9 has issues as well, but I didn't test thoroughly with that. And I think Fedora-25 was working prior to some updates. I do enable testing repos for these templates, but don't know what package is the culprit and don't know how to rollback. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/f0164b14-9f80-4f6f-aab1-3988fd15bd87%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
