Hello everybody, although I understand it's a bit early, I've got a project idea for the 2021 GSoC. I plan to also apply to it as a student if it gets reviewed and approved, but that of course will come later.
# Qubes GSoC 2021: Simplified external port forwarding and automatic NAT traversal ## Introduction Forwarding ports to Qubes VM is currently possible only though a multi step, error prone, manual process that also requires writing custom configuration in order to survive between reboots. Things as simple as starting a webserver or netcat for lan file sharing can be eventually a troublesome and time-wasting process[1][2]. Furthermore, applications that rely on NAT traversal protocols such as those for audio and video communications do not work in direct P2P mode with STUN and always use TURN instead[3]. ## Project goals Implement a GUI for automatic and persistent, eventually with a predefined timespan (ie: until reboot), port forwarding. The idea is to split horizontally the "Firewall Rules" tab in the "Qubes Settings" window and add another area below it. Add a checkbox to enable NAT traversal requests. When the checkbox is selected, the FirwallVM will redirect NAT traversal requests to a local python daemon or a dedicated VM that will negotiate the NAT traversal and configure the network accordingly. In this case, prompt the user in Dom0 about the NAT traversal request. Of course the qvm-* set of tools must e able to achieve the same tasks via CLI. ## Implementation Implementation will be discussed after the project idea is reviewed. ## Timeline Too early to plan, discuss implementation first. ## About me I'm a early adopter and long time QubesOS user. I've been using QubesOS ad my main operating systems for 5 years now. Although I've never contributed (yet) to the QubesOS source code, I've sometimes written about it[4]. Port forwarding is an issue that often arises in my daily usage, both for file sharing, tests, and in the field of security for serving payloads or receiving reverse shells. I will be graduating in March and I'm currently applying for some masters that will all eventually start on Semptember 2021. This will leave me with plenty of time for both working on the idea and then complete the task. I've already worked both privately and with my University with deadlines. I've a broad experience in python and in debugging problems in Qubes. In the past I've both done some security research and some personal projects, most of them can be found at [5]. [1] - https://github.com/QubesOS/qubes-issues/issues/3556 [2] - https://www.reddit.com/r/Qubes/comments/8cb57i/how_to_achieve_qube_to_qube_communication_port/ [3] - https://github.com/QubesOS/qubes-issues/issues/6225 [4] - https://git.lsd.cat/g/thinkpad-coreboot-qubes [5] - https://lsd.cat -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/34100fb0-60e7-21f8-8130-998529772785%40anche.no.
