On 6/3/19 12:10 PM, unman wrote:
On Mon, Jun 03, 2019 at 09:28:01AM +0000, ronpunz wrote:
On 6/3/19 12:54 AM, unman wrote:
On Sun, Jun 02, 2019 at 06:24:33PM +0000, ronpunz wrote:
On 6/2/19 3:11 PM, unman wrote:
On Sun, Jun 02, 2019 at 02:04:57PM +0000, ronpunz wrote:
On 6/2/19 1:46 PM, unman wrote:
On Sun, Jun 02, 2019 at 01:41:48PM +0000, ronpunz wrote:
On 6/2/19 1:06 AM, unman wrote:
Not sure which direction to go next and to be honest, feel a bit out of my
depth. When I started this task I thought there was a simple correlation
between openFW to sys-net and fw to sys-firewall. In reality it seems a
fair bit more complicated than that. For example, fw seems to have a dual
firewall and network interface role?

I don't understand what this means.
There is a simple correlation as you describe, it's just that fw needs to
do a little more work to provide the internal interface to the HVM.

What error do you get when you bring up em0?
What's the output from ifconfig?

I note the ifconfig screen shots were missed off my reply.

They should be here

I'm sorry - can you cut and paste the contents rather than imaging?
Copy/paste as requested

??
I can't see the images - paste the contents in the mail.

Sorry. I'm a bit confused. I pasted them in the mail and they're viewable on
the qubes user forum at
https://groups.google.com/forum/#!topic/qubes-users/MpXLhz5COvM

Please let me know if there's more I can do.

I can't view them.
Please post the contents, not pictures.

Gotcha. However, that's easier said than done. After trying and failing with
various OCR software, to cut a long story short, I've ended up typing the
whole thing out as follows:

joo# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
         index 5 priority 0 llprio 3
         groups: lo
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
         inet 127.0.0.1 netmask 0xff000000
xnf0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:16:3e:5e:6c:00
         index 1 priority 0 llprio 3
         media: ethernet manual
         status: active
         inet 10.137.0.10 netmask 0xff000000 broadcast 10.255.255.255
re0: flags=8802<UP,BROADCAST,SIMPLEX,MULTICAST> mtu 1500
         lladdr 1c:1b:0d:a4:1e:e4
         index 2 priority 0 llprio 3
         media: ethernet autoselect (none)
         status: no carrier
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 68:05:ca:55:75:6f
         index 3 priority 0 llprio 3
         groups: egress
         media: ethernet autoselect 1000baseT (full-duplex,master,rxpause,txpause)
         status: active
enc0: flags=0<>
         index 4 priority 0 llprio 3
         groups: enc
         status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
         index 6 priority 0 llprio 3
         groups: pflog

I'm now able to successfully ping 8.8.8.8 but not google.com, indicating a
DNS issue?

The DNS setting in pf is iptables -t nat -I PR-QBS -p udp --dport 53 -j DNAT
--to 9.9.9.9

I'm sorry for the pain in doing this - you could always have booted the
openBSD qube with a USB attached, and transferred the files that way.
Like a sneakernet but smaller scale - a fingernet?

You don't say *from where* you are able to ping. Yes, this looks like a
DNS issue.

If you want to get this working from the BSD qube, then check
/etc/resolv.conf
This isn't necessary - in fact you may prefer NOT to allow outgoing
traffic originating from the openBSD firewall.

You say that rule you have is "in pf" - do you mean "in fw"?? It's just
not a pf thing.
So if it *is* in fw, and you are able to ping from fw, then this is looking 
good.
Simplest way to proceed is to set /etc/resolv.conf in fw to use 9.9.9.9

Give just a little more detail on what's working and from where.

Yes, you're right I need to clarify some points.

1/ The pinging I referred to i.e. 8.8.8.8 & google.com was from openFW

2/ The rule I referred to in pf was a typo and as you guessed, should read fwVM

3/ As suggested, I've input into /etc/resolv.conf "nameserver 9.9.9.9"

4/ Have tried to ping from fwVM 8.8.8.8 . It returned "network is unreachable"

5/ Have tried to ping from fwVM google.com . It returned "temporary failure in name resolution"
