On 10/16/2016 08:50 AM, 4lpt9o+3m11o9qubb38o via qubes-users wrote:
You don't need to manually add the iptables rules. When enable the 
'qubes-yum-proxy' on the VPNVM the rule to iptables is automatically added:

Chain PR-QBS-SERVICES (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 REDIRECT   tcp  --  vif+   *       0.0.0.0/0            
10.137.255.254       tcp dpt:8082
And also the corresponding rule on the INPUT chain:

Chain PR-QBS-SERVICES (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 REDIRECT   tcp  --  vif+   *       0.0.0.0/0            
10.137.255.254       tcp dpt:8082

So you don't need to do this by hand.

@Manuel I agree with you, the instructions on the Qubes VPN doc. don't outline 
this step. And this is necessary to have the updates working while forcing all 
the traffic through the VPN.
Can someone add some references on the VPN article 
(https://www.qubes-os.org/doc/vpn/) in the same manner as this page reflected 
in this page - https://www.qubes-os.org/doc/software-update-vm/#updates-proxy . 
Since anyone following the VPN article,as it is, would not have the yum/apt 
updates working.


Although following the doc would leave the updates working (user is instructed to create a new VPN VM, not use existing sys-firewall) it would be nice to be able to update over a VPN tunnel. I'll create an issue for updating the doc.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cff8ec6-510e-34a6-9681-4ff01d223c9c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to