El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek Marczykowski-Górecki escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > Marczykowski-Górecki escribió: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA256 > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > Hi, > > > > > > > > I have two network devices and one only USB controller, so both devices > > > > are in the same VM (sys-usb). I want to route some app-VMs by one > > > > network and the rest by the other network, for that I have created two > > > > firewall VMs but both are connected to the same network VMs because, as > > > > I commented, I can not divide the network devices in different VMs. > > > > By default all the traffic is going by only one network device. This is > > > > the configuration in my sys-usb: > > > > > > > > [user@sys-usb ~]$ ip route list > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > > > > metric 100 > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > 192.168.8.100 metric 100 > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > I know how to route a traffic to an specific IP using "ip route add" to > > > > a determined device network, but How can I route the complete traffic > > > > from one firewall VM by one device network and the traffic from other > > > > firewall VM by the other device network? > > > > > > Source based-routing is tricky in Linux in general. You can search for > > > some guides on the internet. > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > devices to different VM - some separate netvm, or even one of those > > > firewallvms directly (and do not attach this firewallvm to any netvm). > > > It may work slightly slower, but should be much easier. > > > > Thanks for your tip Marek, but I am having an error with the USB assign: > > > > The ethernet adapter in the sys-usb VM: > > [user@sys-usb ~]$ lsusb > > ... > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > > Ethernet > > ... > > > > And when I try to assing them to the sys-net VM in dom0: > > [user@dom0 ~]$ qvm-usb > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 > > sys-usb:4-9 8087:07dc 8087_07dc > > sys-usb:4-11 0bda:573c > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: printf: > > write error: Invalid argument > > > > Any idea or a detailed reference about this functionality? > > Check kernel messages in sys-net. It looks like kernel driver rejects > this device for some reason. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXtdghAAoJENuP0xzK19csjmEH/RKN1Wo8EsllAJ0jUfHcp4AP > GtjhLUYdU+zM2b+h37CLqGCLJ98Eeh4J/CMTH4B7MD6Y5TbCsJNfSxlLYfduPC4Y > zQa/MCDQ09Rof/iipT6SSXX/vRG+NyO+ssMWZM2URjGO0/IXyf0+RM7BI8syPq/L > FoNXyJU36F8BNAcihQZIJ1pDwj1gfEz8JJUEhX1rQgSvjUm7mmdpV2DCF1fYZ/OS > LsIBGrz+Ugja7dcYhwcxz1VkpXwPvExI/JceiLvlNxILwRaBtaBPMbX23CmknvB8 > T31N1IgJSxUQDgcPEhgu8MpHFyHmR5XhCQZmAJ+eMimhDdv4faLTCr2NKvXCSlg= > =/uUW > -----END PGP SIGNATURE-----
This is the message in sys-net: [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: super-speed And I see this in sys-usb: [ 3095.918081] usbip-host 5-2: stub up [ 3095.920893] usbip-host 5-2: recv a header, 0 [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using xhci_hcd [ 3096.038562] usbip-host 5-2: device reset -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77b825ce-54ed-4b2e-bf47-734c6b58cacc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
