On 10/28/2017 06:36 PM, nicholas roveda wrote:
> Up to now, I've thought of 2 possible solutions:
>
> [...]
>
> I really need some help, maybe from the developers, to better understand these
> mechanisms, to be able to implement a solution as general as possible,
> that users can adopt without effort.

Have a look at the code Whonix or that VPN project uses to provide upstream services to downstream VMs.

The mechanisms are somewhat different in 3.2 and 4.0.

Your thoughts appear to be overly complicated. I e.g. didn't understand the dom0 part:

dom0 doesn't store any DNS settings. Each VM forwards packets to the next upstream VM and the DNS decision is made at your netvm resolv.conf. Dynamic firewalls (iptables in 3.2, netfilter or so in 4.0) managed by the dom0 qvm-firewall in your proxy & firewall VMs ensure only allowed traffic is going through. DNS uses dnat rules. Dom0 uses your firewall VM to pull updates.

So you can just configure your DNS cache server in your net VM or if you want to use a proxy VM you'll have to write a custom service that does the iptables changes desired by the Qubes firewall (the default ones will not work as they are designed to forward packets further upstream). The latter should only be done by really experienced users.
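
Added example, not part of the original message and not Qubes code: a sketch of how DNAT rules for DNS can be derived from a resolv.conf, as the reply describes for the net VM. The PREROUTING chain, the function names and all addresses (documentation ranges) are assumptions made for illustration; the chains and virtual DNS addresses Qubes itself uses are not given in this message.

```shell
#!/bin/sh
# Added example (not Qubes code). Addresses below are constructed samples.

# Print IPv4 nameserver addresses from resolv.conf text on stdin.
# Commented-out entries and IPv6 resolvers are skipped: an IPv4 DNAT
# rule cannot target an IPv6 address.
nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }'
}

# dns_dnat_rules "<virtual DNS addrs>" < resolv.conf
# Emits nat-table rules in iptables-restore syntax. The i-th virtual
# address maps to the i-th resolver; the last resolver is reused when
# there are fewer resolvers than virtual addresses.
dns_dnat_rules() {
    virt_addrs=$1
    resolvers=$(nameservers)
    if [ -z "$resolvers" ]; then
        echo "no usable nameserver entries" >&2
        return 1
    fi
    set -- $resolvers
    echo "*nat"
    for virt in $virt_addrs; do
        for proto in udp tcp; do
            echo "-A PREROUTING -d $virt -p $proto --dport 53 -j DNAT --to-destination $1"
        done
        if [ $# -gt 1 ]; then shift; fi
    done
    echo "COMMIT"
}

# Constructed resolv.conf for the demonstration.
sample_resolv_conf() {
    cat <<'EOF'
# nameserver 192.0.2.99
search example.internal
nameserver 2001:db8::53
nameserver 192.0.2.53
EOF
}

sample_resolv_conf | dns_dnat_rules "198.51.100.1 198.51.100.2"
```

The script only prints rules; it applies nothing to the running firewall.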
