On Sat, Dec 12, 2020 at 02:47:49PM -0500, Stumpy wrote: > On 12/11/20 9:22 AM, unman wrote: > > On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote: > > > Is there a way to ftp to another computer on my LAN from a appvm that is > > > using a proxyvm? > > > > > > I am able to ftp to other computers when I set this appvm to just use the > > > default firewall, but sometimes I forget to set it back to use a vpn vm; > > > but > > > if I have the appvm using the vpn/proxy vm then I am unable to reach any > > > of > > > the other computers on my LAN? > > > > > > Please advise > > > > > > > Yes - you need to adjust the firewall rules on the vpn qube to direct > > (ftp) traffic from the source ip to the local network - you could make > > this *highly* specific by specifying the destination in the new rule. > > pardon my ignorance but how would I do that? I know it would be in settings > -> firewall settings but after that it gets a bit fuzzy?
Well, you cant do it there, because you need to adjust the firewall rules implemented ON the vpn qube. > > > What method are you using to set up the vpn? > > > > I used the new community vpn setup > Right - but there are 2 methods outlined on that github page (if that's what you mean by community vpn) - 3 if you include "vpn on sys-net". Did you follow the "iptables and CLI scripts" section? There's an added issue that you will have to consider and that is the nature of FTP connections - when a client connects to a server, the server may create a link back to a port specified in the original connection: this is non-passive(active) ftp. If your FTP server does this then you will have to enable a route through to the client qube. The client may instead send a PASV command - then the server *may* send back a listening port number, and the client will create a link to that port. So there are 4 possibilities, and the firewall rules you need will depend on what are the capabilities of the server. Best check on that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20201213021714.GA13508%40thirdeyesecurity.org.
