On Tuesday, 6 February 2018 21:21:31 UTC+8, [email protected] wrote: > Le jeudi 10 novembre 2016 18:09:30 UTC+1, Max a écrit : > > On Thursday, 10 November 2016 07:34:06 UTC+8, Drew White wrote: > > > On Thursday, 10 November 2016 04:36:18 UTC+11, Max wrote: > > > > Brief update on this. After attempting to use the Qubes Network Server > > > > from Manuel Amador (Rudd-O) to solve this issue with no luck I have > > > > gone back to looking at solving this by adjusting the iptables rules. > > > > > > > > I ran through the steps listed here again: > > > > https://www.qubes-os.org/doc/qubes-firewall/#enabling-networking-between-two-vms > > > > but instead of trying to ping my Debian 8 VM (10.137.2.18) from the > > > > Windows VM (10.137.2.19), I did this from a new Fedora VM (10.137.2.16) > > > > to test the results. > > > > > > > > I simply did the following: > > > > > > > > Firewall > > > > sudo iptables -I FORWARD 2 -s 10.137.2.16 -d 10.137.2.18 -j ACCEPT > > > > > > > > work-apps > > > > iptables -I INPUT -s 10.137.2.16 -j ACCEPT > > > > > > > > This enabled me to ping from Fedora to the Debian VM. No additional > > > > rules were required such as adding ports or adding an ACCEPT FORWARD > > > > rule in the Debian VM with the destination and source reversed. > > > > > > > > Given the ease of achieving this, it seems that the issue here stopping > > > > me pinging my Debian VM from Windows is specific to Windows being an > > > > HVM. Pinging from an HVM to a PVM does not seem to work but PVM to PVM > > > > networking does. Please note that the HVM can ping the firewall and > > > > vice versa. > > > > > > > > Does anyone have any suggestions given this information? > > > > > > > > Many thanks. > > > > > > As I have said in other places, including his qubes network server post, > > > I too use IPTables, because it's much simpler and cleaner. > > > > > > I have a dedicated ProxyVM that is my inter-vm network. > > > > > > > > > These are the 2 rules... > > > $intervm_internalnet = '10.137.2.0';// this can be generated from the > > > ifconfig if required. But conditions apply for success. > > > > > > iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d > > > $intervm_internalnet/24 -m state --state NEW -p tcp -m tcp -j ACCEPT > > > iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d > > > $intervm_internalnet/24 -p udp -m udp -j ACCEPT > > > > > > > > > > > > This has worked for me always. Never missed a beat. And it allows for > > > inter-vm comms, as well as it communicating to the outside world. > > > > Thanks Drew, unfortunately I tried this at the beginning (my step 3). It > > didn't work for me. > > > > Have you tried pinging from a Windows HVM to another Debian or Fedora AppVM? > > Hello Max, > > I am a newbie on Qubes, and i've the same issue on 3.2 version. > Did you finally succeeded in having interconnect between two HVM ? > Thanks for your feedback. > > Regards > > Mc
Hi Mc, I was able to connect between Linux AppVMs only, not HVMs. To solve my particular issue, I went with syncthing to transfer a text file between VMs which was very straightforward as the Windows and Linux clients are very easy to install. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d822ee3-0d14-49c9-a2f2-b2bdea20653f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
