2018-04-17 23:21 GMT+02:00 awokd <awokd>: > > On Tue, April 17, 2018 7:37 pm, C0d3r Cr33d wrote: > > Hi awokd, > > > > > > First, thanks for your reply and yes, that what i suggested. However, the > > sys-net set a netmask of 255.255.255.255 (32) towards the sys-firewall. > > So > > every Qube connected to the sys-firewall (or even sys-net) has to use the > > 32 netmask. > > That's not true for typical use. I have an HVM on 4.0 running right now > with internet access on 10.137.0.27/24 with default gwy of 10.137.0.6 > (sys-firewall). The corresponding vif in sys-firewall is default at > 10.137.0.6/32. Since every IP the HVM needs to talk to is outside that > /24, routing works fine with mismatched subnets. >
Seems like it should work like i tried. Let sys-firewall default, set HVM manually to: IP: 10.137.0.27 (refer to your case), Netmask: 255.255.255.0, Gateway: 10.137.0.6 and then just open Firefox and have fun. I will try it again. Which OS is your HVM running? > > Where that might be an issue is when you try to get the VMs talking to > each other, but it sounds like you aren't even getting past sys-firewall? > Thats correct. I haven't tried to ping the sys-firewall though, but as i tried to ping e.g. google, i didn't get any response. > > Not sure if there's some nftables magic that intercepts these inside > sys-firewall and routes them properly, hopefully someone who understands > this part better can chime in. If some one in this group does, I would appreciate it . > > > In many tutorials, i saw the sys-net providing a netmask of 24 > > (255.255.255.0). These tutorials mostly rely on Qubes R3.2. > > > > > > So my Questions: > > > > > > - Is the sys-net provided netmask differ on Version? R3.2, R4.0? > > It was /24 on 3.2, now it's /32. > > Good to know. Let me consider changing the version although it should work with 4.0 either. > > > > > - If not, what does the netmask depend on? When the netmask is set? in > > the installation or first bootup? - Is it possible to change the sys-net > > provided netmask persistantly to 24 (255.255.255.0)? > > If I understand it right, the VIFs are point-to-point, not shared. So even > if you could change sys-net's netmask, I don't think it would help what > you are trying to do. Good Point. Thanks for your reply, hopefully others got similar or different ideas on this -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5dd477c8-9224-4793-a18d-9d77597067b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
