On 10/15/2016 12:56 PM, 4lgaqp+cqeepdnbinsts via qubes-users wrote:
Thanks for the suggestion.
Just to clarify, the VPN tunnel was created within the sys-firewall, and
currently that's the only proxyVM that I'm using (apart from the sys-whonix),
hence all traffic from the sys-net isn't encapsulated by the tunnel.
My understanding is that the sys-firewall merely forwards the traffic through
the sys-net by adding a forward rule in the sys-firewall every time a new VM is
started. For that reason I was wondering if I cannot solve this more
effectively by simply adding a forwarding rule in the sys-firewall to whitelist
all traffic originated from 0.0.0.0/0 to the destination address
10.137.255.254/32 and port 8082, wouldn't this be possible?
Privacy during updates is not an issue for me, on the contrary, since this
would allow more network throughput.
I confess I'm not very keen on changing templates or creating a dedicated
proxyVM for this purpose.
I think you mentioned you were using the 'eth0 -j DROP' rules in
FORWARD.... that would imply that you /are/ putting all traffic through
the tunnel. Also, your thread title says you are doing this?
Unfortunately, making exceptions to a VM that is configured to stop all
plaintext forwarding can be a bit dicey. IOW, this kind of VPN VM is
supposed to be dedicated to the purpose.
Qubes' modular style of networking allows you to make exceptions with
low risk if you use (for example) a plain sys-firewall in parallel to a