Qubes-network-server takes care of this for you.

On February 14, 2017 2:02:18 AM PST, Jarle Thorsen <jarlethor...@gmail.com> 
wrote:
>> Unman:
>> > I suggest you read the docs:
>> > www.qubes-os.org/doc/firewall  has a section on allowing traffic in
>to
>> > qubes.
>> 
>> Thank you for the link. It provided a good foundation.
>> 
>> > But this may not be what you want. It reads as if you want to have
>> > sys-net operating as a router. You can do this quite simply by
>changing
>> > the iptables configuration and using proxy arp to make sure that
>the
>> > external network sees the qubes behind the router.
>> > Alternatively you could use the netvm as a gateway to the network
>of
>> > qubes, and make sure that THAT route is propagated on your internal
>> > network.
>> 
>> Thank you, it seems like using proxy arp is the way to go for me.
>That way I can still use a dynamic address for my NetVM.
>
>I'm getting back to this thread, still haven't got everything working:
>
>My NetVM is connected to a local network 10.0.0.0/16, and gets a
>dynamic IP via DHCP.
>
>AppVMs connect directly to the NetVM, without any firewall, and all
>firewall rules has been removed from NetVM.
>
>All networking is now working fine, both between AppVMs and from AppVMs
>and into the 10.0.0.0/16 network.
>
>Now I need to have the AppVMs available from the 10.0.0.0/16 network...
>
>Where do I need to enable arp_proxy to make this happen? Only on the
>NetVM interface connected to the 10.0.0.0/16 network, or also on the
>vif interfaces on the NetVM, or in the AppVMs also??
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "qubes-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to qubes-users+unsubscr...@googlegroups.com.
>To post to this group, send email to qubes-users@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/qubes-users/382450c2-11c6-40dc-9bea-03840335c104%40googlegroups.com.
>For more options, visit https://groups.google.com/d/optout.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/FD0BEFAB-47FA-45D7-9CB6-7207675511A4%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to