On Mon, November 27, 2017 05:40, pr0xy wrote: > On 2017-11-20 18:08, awokd wrote: >> On Mon, November 20, 2017 10:01, pr0xy wrote: >>> Please help a somewhat noob who wants to use Qubes in the office. >>> >>> I got the OK to try using Qubes R3.2 in my company network as a >>> workstation. They have a very restrictive proxy that forces all traffic >>> through an HTTP/HTTPS proxy like: >>> >>> proxy.example.com:8080 >>> >>> How could I force all Qubes traffic to go through that proxy and that >>> port? >>> >>> Would that be in sys-net, or a Firewall VM? >> >> Check https://www.qubes-os.org/doc/vpn/ . Ignore the parts about VPN >> setup >> but you should be able to set up your proxy redirect in the Proxy VM. >> I'm >> assuming local traffic like DNS lookups would not go through the proxy. > > Thanks. I have been reading up on the ProxyVM, which seems to be the way > I would do this, but I'm a bit confused as to where I would add these > proxy settings. I'm not familiar with manipulating IP tables, or writing > the sort of scripts on that page, but is that what I would need to set? > > I wanted to stay away from setting the environment variables for > http_proxy, https_proxy, ftp_proxy and no_proxy in each VM. Ideally I > think I'd like to use a ProxyVM to proxify an entire AppVM, but the > documentation doesn't make it clear how I would attempt this.
You're right, you'd need to manipulate IP tables. There is no built in way to do it with just the Qubes UI. See https://stackoverflow.com/questions/10595575/iptables-configuration-for-transparent-proxy for an example if you wanted to use the transparent proxy approach. Sys-whonix is essentially a transparent proxy that forwards all traffic through Tor. Another option could be https://www.qubes-os.org/doc/config/http-filtering-proxy/ . See also https://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html . -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a119e4812ece7ea879234495b8f7a9d%40elude.in. For more options, visit https://groups.google.com/d/optout.
