On Wednesday, August 1, 2018 at 6:46:00 PM UTC+10, Unman wrote: > On Mon, Jul 30, 2018 at 10:41:30PM -0700, 'Epinsion Polickye' via qubes-users > wrote: > > On Tuesday, July 31, 2018 at 12:03:45 PM UTC+10, Epinsion Polickye wrote: > > > Hi All, > > > > > > I've been following this guide to set up routing and NAT to an internal > > > machine: https://www.qubes-os.org/doc/firewall/ > > > > > > sys-net and my machines are currently working on the internal network, > > > and the internet perfectly outbound, but I'm having troubles exposing > > > services from sys-net (which I only intend to do for testing with this > > > VM), or internal VMs (what I actually want to do). > > > > > > My machine is connecting directly to sys-net (no sys-firewall middle man). > > > > > > My first step is to simply run "nc -nlv 444" on sys-net to telnet into it > > > from and internal device, and be able to ping the sys-net machine from an > > > internal device. I'm having issues just at this step however, even if > > > I've disabled nftables and iptables. qvm-ls -n lists a different sys-net > > > ip than what's set up as the internal private address on the network. > > > > > > I can ping from sys-net to a particular machine, but not back to the > > > machine. > > > > > > I suspect I'm misunderstanding networking and firewalls in Qubes. I > > > expect sys-net to function like a router (along with any other > > > intermediary VMs for firewalls, net/vpns and the like), and for the > > > firewalls to be handled by nftables and iptables, which shouldn't > > > function when the services are disabled on systems. > > > > > > Thanks. > > > > And also on VM: sudo iptables -I INPUT -s 10.137.0.5 -j ACCEPT > > > > Your assumptions are quite correct about what should be happening. > You haven't said what Qubes version you have or what template you are > using for sys-newt and sys-firewall. Can you add that?
I'm using qubes-4. sys-net and sys-firewall are fedora-26. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/199d85a5-130e-4256-b718-27d0b8371d73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
