On Friday, 9 February 2018 19:02:09 UTC-5, Alex Dubois  wrote:
> On Friday, 9 February 2018 23:59:52 UTC, Alex Dubois  wrote:
> > On Friday, 9 February 2018 16:36:14 UTC, joev...@gmail.com  wrote:
> > > Yes, thanks for pointing out the typos.  They are only mistakes in this 
> > > post.  I use a script running in dom0 to generate pretty much everything. 
> > >  The same script works when debian-8 is used.  The interface is different 
> > > depending on the template
> > 
> > I confirm I have the same issue.
> > Please however note that I have another PCI NIC connected to an AppVM (My 
> > qubes also act as a firewall for home network) and we have no issue 
> > connecting outbound.
> > Outbound connection as you know do not need the PRE-ROUTING rules, so also 
> > the problem is seen on the FORWARD rule, I suspect more the PRE-ROUTING 
> > rule is at fault and does not do its job.
> > I'll try to dig into this, however I won't have much time this week...
> Also, could you clarify if you've tested on FirewallVM and if here again 
> Debian is OK and Fedora not. This might rule out issues with physical cards 
> (which I suspect is not the problem as PRE-ROUTING does get the packet).

Yes, if the template on sys-net is changed to Debian-8, but sys-firewall 
(FirewallVM) is left with fedora... sys-net does send the packet to 
sys-firewall, which then appears the same way... PREROUTING sees it, but 
FORWARD does not.


Debian-9 has issues as well, but I didn't test thoroughly with that.  And I 
think Fedora-25 was working prior to some updates.  I do enable testing repos 
for these templates, but don't know what package is the culprit and don't know 
how to rollback.

You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to