On Monday, April 8, 2019 at 11:20:13 PM UTC+1, qmirfw wrote: > Hello, > > I got the qubes-mirage-firewall working in a simple > > sys-net --> sys-mirage-fw --> disp1234 > > situation, but when I wanted to include it in my normal chain, as in > > sys-net --> sys-mirage-fw --> sys-firewall --> AppVMs > > my AppVMs can't access the network. > > Is this supposed to work? > > In Xen console of the mirage firewall I can see the linux firewall > connecting, but then lines like this: > > WRN [client_net] Incorrect source IP 10.137.0.45 in IP packet from > 10.137.0.12 (dropping)
What is the IP address of sys-firewall and the AppVM? It sounds like mirage-firewall got a packet from sys-firewall with source address 10.137.0.45, but it thinks that sys-firewall should have the IP address 10.137.0.12 (and be doing NAT on behalf of its clients). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd0b616b-d9a9-408a-a335-44f7d3122eaf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
