> Ok, so I tried to enable the updates proxy in the sys-firewall
> consequently forcing all updates to go through the VPN, I followed the
> instructions outlined here -
> https://www.qubes-os.org/doc/software-update-vm/#updates-proxy
> However, as soon as I try to run the updates on one of the vmtemplate I
> get the error "No route to host". All the templatevm has a default route
> to the sys-net (, notwithstanding the update should be
> targeting the sys-firewall. Should I change the default GW of the
> templatevm ?!

I found that using an UpdateVM other than sys-net results in failures
because the iptables rule to accept connections on local port 8082 is
never added to any VM, other than than the default NetVM.

Updates failed for me (packets to port 8082 being dropped on the update
VM) until I manually added the rule myself as the first filter rule:

"-A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT"

Or you could just call /usr/lib/qubes/iptables-updates-proxy, which is
what happens in sys-net

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to