On Tue, May 12, 2020 at 04:13:23PM +0100, unman wrote:
> On Mon, May 11, 2020 at 03:16:03PM +0000, 'Zsolt Bicskey' via qubes-users wrote:
> > Here is a full summary of where I am at. Could someone please provide
> > guidance with this? Thank you very much.
> >
> >
> > Qubes OS version
> > Qubes OS R4.0
> >
> > Affected component(s) or functionality
> > Networking
> >
> > Brief summary
> > I tried to separate everything into two subnets, meaning 2 NICs, 2
> > gateways (sys-net), 2 firewalls. Everything works on the network before the
> > new gw and after it. All qubes can communicate to the firewall. After the
> > gateway everything works properly on the physical network as designed and
> > can get out to the internet if I connect any client to it other than the new
> > gateway.
> >
> > The main gateway remains functional but the new one can't get on the
> > network, hence the whole chain doesn't work.
> >
>
> <snip detail>
>
> > Solutions you've tried
> > 1) To make sure everything works on the server running Qubes and the
> > network itself I used a live boot Linux and tried all NICs. Every NIC was
> > able to connect to both the main LAN and the separate VLAN using both DHCP
> > and manual IP settings.
> >
> > 2) As I listed above I tried cloning the 2nd gw from the main one and I
> > tried creating from scratch
> >
> > 3) I tried editing the gw network settings through nmcli and the GUI
> >
> > 4) I booted the server with a Fedora 31 live USB, set network settings
> > manually, copied out the
> > /etc/sysconfig/network-scripts/ifcfg-interface-name and manually entered
> > all those through nmcli
> >
> > Just to reiterate once more, the network setup outside of Qubes is 100%
> > functional. If I connect any machines to any segment of network to any port
> > on the switch they always work as intended.
> >
>
> The thing is, you simply refuse to give us any of the detail that might be
> useful here - you don't identify the NICs (may be relevant), you don't
> tell us *what* configuration you have set on the VLAN, and (crucially)
> what configuration you have set on the NIC.
> When you used the live Fedora, did you connect both NICs to the ports?
>
> I accept some reluctance to give out identifying data, but you
> can't expect help without this.
>
> The key facts seem to be:
> 1. The NIC attached to pentest-gw has MAC address assigned, and works
> when attached to non-VLAN port on switch.
> 2. That NIC can be configured without error with static IP address.
> 3. That NIC does not automatically connect to a VLAN port, and the
> switch shows an error (off/on/blocked cycle)
>
> The obvious conclusion is that there's something wrong with your
> VLAN configuration of the NIC. (Since the NIC connected to the port
> under Fedora Live we can rule out problems with the NIC itself.)
> The fact that Fedora Live autoconfigures, but the Fedora template based
> qube does not, may indicate that there's some crucial package missing.
> Test this by creating an HVM, assigning the NIC, and booting from Fedora
> Live.
>
Just for fun, can you run `lsmod|grep 8021q` in pentest-gw?
Post the name and content of your config file.
