On Mon, Oct 08, 2018 at 03:27:43AM -0700, 3mp...@gmail.com wrote:
> On Tuesday, September 25, 2018 at 9:24:08 PM UTC+2, 3mp...@gmail.com wrote:
> > > Some obvious questions.
> > > 
> > > You say the interface is correctly configured.
> > > Do you have any routes set in the Windows box?
> > > Do you see traffic outbound on the 10.137.0.50 iface?
> > > 
> > > If you sniff traffic inbound on the vif attached to the Windows HVM, do
> > > you see anything there? (I mean sniff on the proxyVM)
> > 
> > Hi Unman, thanks for your help.
> > 
> > To eliminate some potential Windows issues I chose to boot on a fedora 28 
> > live cd in this HVM.
> > 
> > I configured the eth0 interface with the following command to copy a normal 
> > qubes configuration :
> > 
> > ifconfig eth0 10.137.0.200 (HVM IP) netmask 255.255.255.255 broadcast 
> > 10.255.255.255
> > route add -host 10.137.0.10 (ProxyVM IP) dev eth0
> > route add default gw 10.137.0.10 eth0
> > 
> > I identified vif14 on ProxyVM, it corresponds to the HVM interace.
> > 
> > I launched tcpdump -n -i vif14.0 on ProxyVM, telnet from 10.137.0.200 (HVM) 
> > to 10.137.0.8 port 8080 (web server on qube I'm trying to reach, working 
> > great from a third qube)
> > 
> > telnet doesn't connect but here's the result of tcpdump :
> > 
> > https://pastebin.com/QXhyBx4Z
> > 
> > Any help appreciated
> 
> Could someone help me on this issue ? Or explain the right network 
> configuration in Qubes 4.0 ? The 255.255.255.255 netmask seems strange to 
> me... Is the idea to block all kind of traffic except to the gateway with the 
> route add -host commmand ?
> 

I believe that is indeed the aim.
You can either set to 255.255.255.0 or add specific route, as you have
done. (Did you set a return route on the destination also?)

The next step would be to examine the rules on the proxy to make sure
that you are allowing the traffic through the ProxyVM. You could listen
on the interface that's attached to 10.137.0.8 to see if traffic is
outbound from there.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20181008135548.g4wsss6ld25qfvg3%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to