On 03/28/2017 12:27 PM, Nemo wrote:
I'm really having a lot of trouble getting consistent results with the
updates proxy. I've managed to break it on Firewall as well, despite
only removing and then re-adding qubes-updates-proxy (as far as I can tell).
Could you please help me by listing the elements required for it to work?
Eg
* TemplateVM
** Firewall page
*** Allow connections to Updates Proxy: checked
* ProxyVM(can be VPN or Firewall)
** Firewall page
*** Allow access to 10.137.255.254:8082 <http://10.137.255.254:8082> (or
just all)
** Services page
*** qubes-updates-proxy listed and checked
*** yum-updates-proxy must not be listed
** Packages
*** tinyproxy (tinyproxy.x86_64) must be installed
** CLI firewall rules
*** Official VPN documentation rules are fine, other rules might cause
problems
* Net
** Must have internet access
Is there anything else?
Where it says "Allow access to 10.137.255.254:8082"... I would get rid
of that on all proxyVMs and template VMs, at least while testing.
Firewall pages should also be set like default; For proxyVMs that is
"Allow access except + empty list + Allow DNS + Allow ICMP". The
qubes-updates-proxy service is enabled /only/ for the downstream proxyVM.
Once you have it working with default settings, you can try re-adding
your other rules one-by-one while testing them.
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8a879638-208c-89ac-035d-106ff9534b44%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.