[Re-titling this sub-thread] On Tue, February 6, 2018 11:12 am, 'Tom Zander' via qubes-users wrote: > On Tuesday, 6 February 2018 11:32:07 CET 'awokd' via qubes-users wrote: > >> I'm not getting past the first step of: >> >> >> Verify you are cutting through the sys-net VM firewall by looking at >> its counters (column 2) > > Yes, that sounds familiar. > > > The problem isn't limited to sys-net either, using netcat to listen on > any port on any (fedora based) appvm I could not get anything to connect > to those ports. So, for instance, starting netcat on sys-firewall I could > not connect to it from sys-net. Similarly, listening on a random VM and > connecting to it from sys-firewall failed too. And I tried a lot of ways to > convince the iptables to accept it... > > I mostly used archlinux templates for appvms, which do not have the qubes > networking packages and thus the iptables list is empty. [1] Listening > there and connecting from it worked fine. > > Hope that helps.
I'm using the Debian-9 template, maybe that's why I was able to get https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes working first try. Doesn't explain sys-net though which is using it too. Anyone out there intimate with nft/iptables? My PR went through so the document is up for grabs again if you want it! (Or please give suggestions here and I can document it too.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f876b8dbafa5d60e8ac109f2b1225fa5.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.