-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 putnam: > I wonder if anyone can help me to create a reverse shell on > one AppVM (which is connected to sys-firwall) from an external > ip address. > > First, I'm using a VPN and netcat to test the connection like > this: > > Qubes Debian-9 AppVM: > > `nc -nlvp 443` > > On remote machine: > > `nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0. > > I've tried: > > - Using `sys-net` as NetVM. > > - Using `sys-net` as NetVM and flushing iptables in both > sys-net and Debian-9 AppVM. > > - In qubes-manager firewall: "Allow network access except...", > "Allow ICMP traffic", and "Allow DNS queries" all checked. No > exceptions listed. > > I just can't seem to get this reverse shell to work no matter > what combination of the above I do. I've tried both with > `netcat` and with `ncat` explicitly allowing the remote > machine. >
Well I figured it out by looking here: https://www.qubes-os.org/doc/firewall/ In AppVM run: `sudo iptables -I INPUT -s <IP Address of remote machine> -j ACCEPT` Now netcat can connect from remote machine to listening port on AppVM. - -- putnam | 0xE910A14357F33056 -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJYTf3/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyOEFEMjgzMUIyQjU4MzdFN0I5Q0NGMzdF OTEwQTE0MzU3RjMzMDU2AAoJEOkQoUNX8zBW7wQP/i3f0CTN4LGdGgUrQZjEj3h6 A67hSa/FK7RPi0iO9fVgOtOi0fTbTi+gyKf3MG67dLmBw0BNo+HiqUj0yKgLxFyX Rdb04t8Dabq7xMWYg/DwN5huR02gyy7pKA/mnPoerpZr+bQRQ45z2omud/FAt9xN DWnJH/9M9mjMitudc3SQX0vLuT9TucXJfA3Dzm5sdarBnbhKCclqHVOKQynw0eHl 6Fhl2+7t42FkxGuRtFcYcgi9fGXVE17MUzDh3PCjMVRi1HXxAyx4ukZOHmqzvzN0 tDWExDL9XBXvxhacciNacFZUHATC8DhtDYuYqrOtn7CPYyy4B51HxFkjj77kupVq 4ohe9y4EDUaNszEXzcxQOWvhBiz9ZlQM5V0/8+CQu9+BiS0vKwBDjL0z1W8NXog7 v7FSQOat6pXV+qxJGY0/jdtByxpgxQshm4rXac81HGV7vKp9PI8DoeQ6y/PS/iV7 o01cBEdbQvkNteqRu1oc98MYxwWPX6b6BdQ0k0w6K/qv7lEnl4VXhuVGu+gjnqBd VIYuq2oHM0FA1z6q5WeRR+xUeqOyjIl/xk+6slLu0Uxf12oENAldw/5PS7hsY1u4 0GpJMcmG5SEnHxye7xJyOZTMOp+YGZLrFD1qt4xUpwOsw6RZY6dFW3r4qxfwICWf QzUdEARpKAkEAnp+i6/2 =hQQS -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1c2764d-adfa-d056-ed35-300e8db79ab5%40sigaint.org. For more options, visit https://groups.google.com/d/optout.
