Qubes-network-server takes care of this for you. On February 14, 2017 2:02:18 AM PST, Jarle Thorsen <jarlethor...@gmail.com> wrote: >> Unman: >> > I suggest you read the docs: >> > www.qubes-os.org/doc/firewall has a section on allowing traffic in >to >> > qubes. >> >> Thank you for the link. It provided a good foundation. >> >> > But this may not be what you want. It reads as if you want to have >> > sys-net operating as a router. You can do this quite simply by >changing >> > the iptables configuration and using proxy arp to make sure that >the >> > external network sees the qubes behind the router. >> > Alternatively you could use the netvm as a gateway to the network >of >> > qubes, and make sure that THAT route is propagated on your internal >> > network. >> >> Thank you, it seems like using proxy arp is the way to go for me. >That way I can still use a dynamic address for my NetVM. > >I'm getting back to this thread, still haven't got everything working: > >My NetVM is connected to a local network 10.0.0.0/16, and gets a >dynamic IP via DHCP. > >AppVMs connect directly to the NetVM, without any firewall, and all >firewall rules has been removed from NetVM. > >All networking is now working fine, both between AppVMs and from AppVMs >and into the 10.0.0.0/16 network. > >Now I need to have the AppVMs available from the 10.0.0.0/16 network... > >Where do I need to enable arp_proxy to make this happen? Only on the >NetVM interface connected to the 10.0.0.0/16 network, or also on the >vif interfaces on the NetVM, or in the AppVMs also?? > >-- >You received this message because you are subscribed to the Google >Groups "qubes-users" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to qubes-users+unsubscr...@googlegroups.com. >To post to this group, send email to email@example.com. >To view this discussion on the web visit >https://groups.google.com/d/msgid/qubes-users/382450c2-11c6-40dc-9bea-03840335c104%40googlegroups.com. >For more options, visit https://groups.google.com/d/optout.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/FD0BEFAB-47FA-45D7-9CB6-7207675511A4%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.