On Tuesday, 6 February 2018 11:32:07 CET 'awokd' via qubes-users wrote:
> I'm not getting past the first step of:
>
> Verify you are cutting through the sys-net VM firewall by looking at its
> counters (column 2)

Yes, that sounds familiar.

The problem isn't limited to sys-net either: using netcat to listen on any port on any (Fedora-based) appvm, I could not get anything to connect to those ports.

So, for instance, starting netcat on sys-firewall I could not connect to it from sys-net. Similarly, listening on a random VM and connecting to it from sys-firewall failed too.

And I tried a lot of ways to convince the iptables to accept it...

I mostly used archlinux templates for appvms, which do not have the qubes networking packages and thus the iptables list is empty. [1]
Listening there and connecting from it worked fine.

Hope that helps.

----
1) Personally I would say that simpler is better, or least surprises is better. The current design where any appvm gets those complex firewall rules is a bug. Only VMs that expose their network (providing) should run it.

--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel