-------- Original Message -------- Subject: [qubes-users] Problems with inter-HVM networking Local Time: April 13, 2017 12:39 AM UTC Time: April 13, 2017 12:39 AM From: qubes-users@googlegroups.com To: qubes-users@googlegroups.com <qubes-users@googlegroups.com>
Hello. I am trying to achieve a network between two HVMs one Windows and one Linux, My setup is as follows: NetVM---FirewallVM---Linux VM (ubuntu)/Windows HVM. I have followed the directions here: https://www.qubes-os.org/doc/firewall/ but these directions do not work fully. I can establish a connection between both HVMs and the firewall and I can open a terminal in the firewall and ping both of the HVMs. However I cannot establish a connection between the two HVMs. I either get "destination unreachable" or "request timed out" errors. I found this thread: https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-users/lA2SgPcV9fU#!topic/qubes-users/lA2SgPcV9fU I tried all the suggestions in it including the following: (1) enabling the proxy_arp cache (verified with cat) did nothing (2) using the sudo arp -i eth0 -s <AppVM IP> <ProxyVM MAC> had no effect. (3) The suggestion by Marek to change the netmask in the Windows VM did not work. (4) Changing the iptables by modifying the /rw/config/qubes-firewall-user-script using the code lines beginning with : intervm_internalnet='10.137.X.0'; also did not work. I can use the iptables -L commands to confirm that the rules are there; they just don't seem to be forwarding correctly. On a whim I also upgraded to Fedora 24 and changed my firewall to match that template but it had no effect. Other people seem to be able to get this to work but I cannot. Thanks in advance for any assistance. Bump. I have retraced my steps and I can confirm that the problem does not appear to lie in iptables or in ARP. The only new fact that emerged is that if I turn on the proxy_arps AND flush all the rules in the firewall as well as setting the policies to ACCEPT (in short, I simply disable the firewall) I no longer get timeout errors both HVMs then report "Destination Host Unreachable." BTW, both of these HVM were originally Virtual Box VMs which I imported into Qubes. The networking within VB works perfectly. So there is something in the way that Qubes is handling networking that is the issue.... Again, thanks in advance for any insight. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/P98SJSW7RFYXVz7JjxvDnt367vkje2JCio-CV552M5mo0xbVeDZYntqgm71RQIaLG3ZSI4PmtfG8yIGcJNh4xDUqia1-fwI0qh_B6miGWQU%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
