On 19/04/2019 12:05, Thomas Leonard wrote:
On Thursday, April 18, 2019 at 9:53:25 AM UTC+1, Claudio Chinicz wrote:
Hi All,
Once again I turn to the Qubes Community to ask for help.
I have a Mirage Firewall VM that works with HVM (Linux Mint) and
Debian/Fedora template-based PVMs.
My Windows 10 HVM, which works just fine through sys-firewall
(copy/paste and file sharing with other VMs dont, but I can live with it).
I've tried setting up networking manually by adding its IP, mask and
gateway and rebooting but it did not work. It works with DHCP instead
when getting network through sys-firewall.
I've followed all the ideas from here
(https://www.windowscentral.com/how-regain-internet-access-after-installing-update-windows-10)
and it still did not work.
One last piece of information, my Windows 10 Pro was successfully
activated using a key I provided.
Any ideas? This is not critical, since I can continue using
sys-firewall, but would love to free some memory by using Mirage.
There might be clues in the firewall VM's logs. You can see them with Qubes
Manager (right-click on mirage-firewall and choose Logs ->
guest-mirage-firewall.log). Open the logs just after booting Windows and seeing
that networking doesn't work and look at the end.
You can also do "sudo xl console mirage-firewall" in dom0 to follow the logs
and then boot Windows and watch for new entries.
Hi Thomas,
Thanks in advance. Please see below logs from guest-mirage-firewall.log.
My Windows VM is 10.137.0.21.
What really surprises me is why I does not work even if I set my
ip/mask/gateway as it works with Linux Mint? What's different with Windows?
Best Regards,
Claudio
2019-04-18 11:20:10 -00:00: INF [client_net] Client 18 (IP: 10.137.0.21)
ready
2019-04-18 11:20:10 -00:00: INF [ethernet] Connected Ethernet interface
00:16:3e:5e:6c:00
2019-04-18 11:20:11 -00:00: INF [client_net] add client vif
{domid=17;device_id=0}
2019-04-18 11:20:11 -00:00: INF [qubes.db] got rm
"/qubes-iptables-domainrules/"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-header" = "# Generated by Qubes Core on Thu Apr 18
14:20:11 2019\n*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT
ACCEPT [0:0]\n-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP\n-A
INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p
icmp -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -j REJECT
--reject-with icmp-host-prohibited\n-A FORWARD -m conntrack --ctstate
RELATED,ESTABLISHED -j ACCEPT\n-A FORWARD -i vif+ -o vif+ -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/10" = "*filter\n-A FORWARD -s 10.137.0.18
-j ACCEPT\n-A FORWARD -s 10.137.0.18 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/17" = "*filter\n-A FORWARD -s 10.137.0.21
-j ACCEPT\n-A FORWARD -s 10.137.0.21 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/14" = "*filter\n-A FORWARD -s 10.137.0.13
-j ACCEPT\n-A FORWARD -s 10.137.0.13 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-iptables-domainrules/9" = "*filter\n-A FORWARD -s 10.137.0.8 -j
ACCEPT\n-A FORWARD -s 10.137.0.8 -j DROP\nCOMMIT\n"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update: "/qubes-iptables"
= "reload"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/mapped-ip/10.137.0.21/visible-ip" = "10.137.0.21"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/mapped-ip/10.137.0.21/visible-gateway" = "10.137.0.23"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/0000" = "action=accept"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/policy" = "drop"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21" = ""
2019-04-18 11:20:11 -00:00: INF [qubes.db] got rm
"/qubes-firewall/10.137.0.21/"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/0000" = "action=accept"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21/policy" = "drop"
2019-04-18 11:20:11 -00:00: INF [qubes.db] got update:
"/qubes-firewall/10.137.0.21" = ""
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1?
2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP 0.0.0.0
in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP
10.137.0.1 in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1?
2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.21?
2019-04-18 11:20:22 -00:00: INF [client_eth] ignoring request for
client's own IP
2019-04-18 11:20:22 -00:00: WRN [client_net] Ignored unknown IPv4
message: Ignoring non-TCP/UDP packet: IPv4 packet 10.137.0.21 ->
224.0.0.22: id 46e6, off 0 proto 2, ttl 1, options
94 04 00 00
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.21?
2019-04-18 11:20:22 -00:00: INF [client_eth] ignoring request for
client's own IP
2019-04-18 11:20:22 -00:00: INF [client_eth] who-has 10.137.0.1?
2019-04-18 11:20:22 -00:00: INF [client_eth] unknown address; not responding
2019-04-18 11:20:22 -00:00: WRN [client_net] Ignored unknown IPv4
message: Ignoring non-TCP/UDP packet: IPv4 packet 10.137.0.21 ->
224.0.0.22: id 46e7, off 0 proto 2, ttl 1, options
94 04 00 00
2019-04-18 11:20:22 -00:00: WRN [client_net] Ignored unknown IPv4
message: Ignoring non-TCP/UDP packet: IPv4 packet 10.137.0.21 ->
224.0.0.22: id 46e8, off 0 proto 2, ttl 1, options
94 04 00 00
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP 0.0.0.0
in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: WRN [client_net] Incorrect source IP
10.137.0.1 in IP packet from 10.137.0.21 (dropping)
2019-04-18 11:20:22 -00:00: WRN [client_net] Ignored unknown IPv4
message: Ignoring non-TCP/UDP packet: IPv4 packet 10.137.0.21 ->
224.0.0.22: id 46e9, off 0 proto 2, ttl 1, options
94 04 00 00
2019-04-18 11:20:22 -00:00: WRN [firewall] Failed to add NAT rewrite
rule: Cannot NAT this packet (IPv4 packet 10.137.0.21 -> 224.0.0.251: id
e7de, off 0 proto 17, ttl 1, options
UDP port 5353 -> 5353)
2019-04-18 11:20:22 -00:00: WRN [firewall] Failed to add NAT rewrite
rule: Cannot NAT this packet (IPv4 packet 10.137.0.21 -> 224.0.0.252: id
211e, off 0 proto 17, ttl 1, options
UDP port 53180 -> 5355)
2019-04-18 11:20:22 -00:00: WRN [firewall] Failed to add NAT rewrite
rule: Cannot NAT this packet (IPv4 packet 10.137.0.21 -> 224.0.0.251: id
e7df, off 0 proto 17, ttl 1, options
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/q9carl%2423sc%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
