On Fri, Feb 17, 2017 at 06:01:14PM -0800, Manuel Amador (Rudd-O) wrote: > Qubes-network-server takes care of this for you. > > On February 14, 2017 2:02:18 AM PST, Jarle Thorsen <jarlethor...@gmail.com> > wrote: > >> Unman: > >> Thank you, it seems like using proxy arp is the way to go for me. > >That way I can still use a dynamic address for my NetVM. > > > >I'm getting back to this thread, still haven't got everything working: > > > >My NetVM is connected to a local network 10.0.0.0/16, and gets a > >dynamic IP via DHCP. > > > >AppVMs connect directly to the NetVM, without any firewall, and all > >firewall rules has been removed from NetVM. > > > >All networking is now working fine, both between AppVMs and from AppVMs > >and into the 10.0.0.0/16 network. > > > >Now I need to have the AppVMs available from the 10.0.0.0/16 network... > > > >Where do I need to enable arp_proxy to make this happen? Only on the > >NetVM interface connected to the 10.0.0.0/16 network, or also on the > >vif interfaces on the NetVM, or in the AppVMs also?? > >
This really isn't very helpful to someone who is trying to understand what is happening. Perhaps the need for brevity prevented a fuller answer. But just saying there's a tool, (although I understand your wish to promote your software) isn't the way to go imo. Jarle - there are a few things you could do. One of them would be to distribute a static route using your DHCP server - implementing a classless static route if your server supports it would be best. You would need to put the external iface of the netVM as the gateway to the internal 10.137.0.0/16 network. This won't be easy with DHCP unless you put a reservation in place. Alternatively you use proxy arp on the external interface of the netVM, as you suggest. You don't need it on the vif interfaces because you have the relevant routing information in the netVM. (As you are connecting qubes directly to the netVM these routes will be set up automatically. You can check this with 'ip route' - If you DID use a firewall you would need to add a static route on the netVM with the fw as gateway to the qubes connected to it.) It may be that Rudd-0's tool will do this for you. I dont know. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170218210011.GA23277%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
