On Sat, Dec 17, 2016 at 11:01:59AM +0100, Marc de Bruin wrote:
> Hi Jos,
>
> >
> > Can anyone point out some more reading material? If any?
> >
> > Cheers!
> > Jos
> >
>
> I would like to know this as well!
>
> Anybody that would like to join and share?
>
> Thnx,
>
> Greetz,
> Marc.
>
> --

There isn't any additional reading material other than the pages Jos has referenced, and list archives.
But it is (relatively) straightforward.

- how much NATting is going on?

It's all NAT. Look at the basic iptables rules in a netvm and you will see that all downstream traffic is subject to NAT by MASQUERADE in the postrouting table.

iptables -L -nv -t nat:
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT      all  --  *      vif+    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT      all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    7   424 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

- what role does proxy arp play? Is it still used in 3.2?

Yes, proxy arp has been re-enabled in 3.2. It isn't essential in most use cases.

To get to Jos's question re the chromecast:
There are two elements to this: getting the qube to see the chromecast and allowing return traffic inbound.

You need to allow UDP traffic on high ports from the qube
You need to allow TCP outbound to (I think) 8008:8009
You need to allow UDP outbound to port 1900 on multicast
You need to allow UDP traffic on high ports from the Chromecast to the qube, so you will need to follow the guide on routing inbound traffic to a qube.

There's no problem in using tcpdump and iptables on the firewall to see what's going on. I tend to dump the traffic and then parse it on a separate qube.
Judicious use of logging in iptables will help you see what's going on, but there's enough here to get started I hope.

unman
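
An added illustration, not part of unman's message: a small parser for iptables LOG lines that sorts each logged packet into the four flows listed above, so that anything else stands out. The addresses, the "cc:" log prefix, the sample lines, and the reading of "high ports" as 1024 and above are all assumptions made for the example.

```python
import ipaddress
import re

QUBE = "10.137.2.15"         # constructed: address of the qube
CHROMECAST = "192.168.1.50"  # constructed: address of the Chromecast
HIGH = 1024                  # assumption: "high ports" means >= 1024

# Constructed, trimmed lines in the key=value format of the iptables LOG target.
# Line 3 is addressed to the netvm's uplink (192.168.1.20, constructed): after
# MASQUERADE the Chromecast only ever sees that address, never the qube's.
SAMPLE_LOG = """\
kernel: cc: IN=vif3.0 OUT=eth0 SRC=10.137.2.15 DST=239.255.255.250 LEN=129 TTL=1 PROTO=UDP SPT=50412 DPT=1900 LEN=109
kernel: cc: IN=vif3.0 OUT=eth0 SRC=10.137.2.15 DST=192.168.1.50 LEN=60 TTL=63 PROTO=TCP SPT=41822 DPT=8009 WINDOW=29200 SYN
kernel: cc: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.20 LEN=320 TTL=64 PROTO=UDP SPT=38211 DPT=50412 LEN=300
kernel: cc: IN=vif3.0 OUT=eth0 SRC=10.137.2.15 DST=192.168.1.50 LEN=60 TTL=63 PROTO=TCP SPT=41830 DPT=22 WINDOW=29200 SYN
"""

def classify(line):
    """Map one LOG line to a flow named in the message, or 'unexpected'."""
    f = dict(re.findall(r"(\w+)=(\S*)", line))
    if not {"SRC", "DST", "PROTO", "SPT", "DPT"} <= f.keys():
        return "unparsed"  # e.g. ICMP, which carries no port fields
    src, dst, proto = f["SRC"], f["DST"], f["PROTO"]
    spt, dpt = int(f["SPT"]), int(f["DPT"])
    if src == QUBE and proto == "UDP" and dpt == 1900 \
            and ipaddress.ip_address(dst).is_multicast:
        return "discovery"   # UDP outbound to port 1900 on multicast
    if src == QUBE and proto == "TCP" and dpt in (8008, 8009):
        return "control"     # TCP outbound to 8008:8009
    if src == QUBE and proto == "UDP" and spt >= HIGH:
        return "udp-out"     # UDP on high ports from the qube
    if src == CHROMECAST and proto == "UDP" and dpt >= HIGH:
        return "udp-return"  # UDP on high ports from the Chromecast
    return "unexpected"

def review(log_text):
    """Return (classification, line) pairs for every non-empty line."""
    return [(classify(l), l) for l in log_text.splitlines() if l.strip()]

if __name__ == "__main__":
    for kind, line in review(SAMPLE_LOG):
        print(f"{kind:11} {line}")
```

Lines reported as "unexpected" are the ones to check before widening any rule; "udp-return" lines arriving at the netvm with an empty OUT= are the traffic that the inbound routing guide is needed for.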