Re: [qubes-users] No wired internet (Intel I219-LM) on new 4.1 install

2022-05-29 Thread 'awokd' via qubes-users 

M:

I can access https://1.1.1.1. But not cloudflare.com.

On Saturday, 28 May 2022 at 23:17:34 UTC+3 M wrote:


According the doc, you don't need to do that.
Firewall policy which is see with qvm-firewall sys-firewall:
0. tcp 443
1. dns
2. icmp
3. drop

I still can't solve the problem.
On Wednesday, 25 May 2022 at 07:18:35 UTC+3 sv...@svensemmler.org wrote:


On 5/24/22 08:36, M wrote:

sys-firewall - limit traffic to * on TCP port 443.
I tried ping google from sys-net and sys-firewall terminal.
 From sys-net domain+ip went through, sys-firewall only ip.




Don't set firewall rules directly on sys-firewall. Set them instead on 
the AppVMs that connect through sys-firewall.


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e20ab13-3ede-a336-210f-60ba3c795426%40danwin1210.de.

Re: [qubes-users] Problems with announced Fedora 35 templates

2022-05-29 Thread Steve Coleman 
On Sun, May 29, 2022 at 4:39 AM Viktor Ransmayr 
wrote:

> Hello slcoleman,
>
> stevenlc...@gmail.com schrieb am Samstag, 28. Mai 2022 um 21:54:40 UTC+2:
>
>>
>>
>> Thanks for your quick reply!
>
> However, when I try to list the available templates using the
> 'qvm-template' command, I get the same error message:
>
> [vr@dom0 ~]$ qvm-template list
> [Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file or
> directory
> ERROR: qrexec call 'qubes.TemplateSearch' failed.
> [vr@dom0 ~]$
>
>
>
I just checked my own system and ran a python3 trace on the command. The
file  /etc/qubes-rpc/qubes.TemplateSearch should be on the sys-firewall ,
assuming the default configuration. If you use a different OS or changed
your "Dom0 update qube" in the "Global Settings" for dom0 updates then that
update VM may not have this file installed. I would start by looking
there.

> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/e401d5aa-3837-4beb-bd23-1e8dcc6853b8n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ5FDngmmAH_8vVfnzvAR4Uiyxy0GfxiSZ6Hymn1dDR3%3DK3NRA%40mail.gmail.com.

Re: [qubes-users] No wired internet (Intel I219-LM) on new 4.1 install

2022-05-29 Thread M 
I can access https://1.1.1.1. But not cloudflare.com.

On Saturday, 28 May 2022 at 23:17:34 UTC+3 M wrote:

> According the doc, you don't need to do that. 
> Firewall policy which is see with qvm-firewall sys-firewall:
> 0. tcp 443
> 1. dns
> 2. icmp
> 3. drop
>
> I still can't solve the problem.
> On Wednesday, 25 May 2022 at 07:18:35 UTC+3 sv...@svensemmler.org wrote:
>
>> On 5/24/22 08:36, M wrote: 
>> > sys-firewall - limit traffic to * on TCP port 443. 
>> > I tried ping google from sys-net and sys-firewall terminal. 
>> > From sys-net domain+ip went through, sys-firewall only ip. 
>>
>> * ping uses ICMP which the firewall will always let through unless you 
>> use qvm-firewall 
>> * DNS queries are routed by Qubes OS to the netvm, which is in your case 
>> sys-firewall 
>> * once you allow UDP port 53 in the firewall settings in sys-firewall DNS 
>> should work 
>>
>> > Updates are also not working. 
>>
>> Well, they need DNS. ;-) ... and also Fedora will try to contact some 
>> HTTP URLs 
>>
>> If you don't want to allow HTTP in sys-firewall, you can 
>>
>> 1. clone it to sys-update 
>> 2. set sys-update as updatevm and in the policy for updates 
>> 3. allow HTTP for sys-update 
>> 4. set "provides networking" to false for sys-update 
>>
>> That means sys-update will be used as update proxy but no other qube can 
>> use it as network (netvm). 
>>
>> /Sven 
>>
>> -- 
>> public key: https://www.svensemmler.org/2A632C537D744BC7.asc 
>> fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f6d1ee2-6268-413c-93ed-3840d8197a63n%40googlegroups.com.

Re: [qubes-users] Problems with announced Fedora 35 templates

2022-05-29 Thread Viktor Ransmayr 
Hello slcoleman,

stevenlc...@gmail.com schrieb am Samstag, 28. Mai 2022 um 21:54:40 UTC+2:

>
> On Sat, May 28, 2022, 3:28 PM Viktor Ransmayr  
> wrote:
>
>> Hello Qubes Community,
>>
>> I run into a problem already in the very first step of the standard 
>> installation method:
>>
>> If I perform "sudo qubes-dom0-update qubes-template-fedora-35" in a 
>> 'dom0' terminal, I receive the following error msg:
>>
>> [vr@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-35
>> Redirecting to 'qvm-template install  fedora-35'
>> [Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file or 
>> directory
>> ERROR: qrexec call 'qubes.TemplateSearch' failed.
>> [vr@dom0 ~]$
>>
>> My Qubes R4.1 system so far had two 'dom0' updates, which successfully 
>> finished using the Qubes Updater ...
>>
>> If I try it manually, I always receive the following feedback:
>>
>> [vr@dom0 ~]$
>> [vr@dom0 ~]$ sudo qubes-dom0-update
>> Using sys-firewall as UpdateVM to download updates for Dom0; this may 
>> take some time...
>> No updates available
>> [vr@dom0 ~]$
>>
>> Any ideas on why the template is not found - and - what I should 
>> additionally check on my system?
>>
>>
> I reported a similar problem a few days ago. At the time the f35 templates 
> were not appearing on some indexes and the devs were looking into it.
>
> I just used a browser to download the rpm's from itl and installed them 
> locally.
>
> Note : You should be using qvm-template command with R4.1, which is why 
> the forwarding message. 
>

Thanks for your quick reply!

However, when I try to list the available templates using the 
'qvm-template' command, I get the same error message: 

[vr@dom0 ~]$ qvm-template list
[Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file or 
directory
ERROR: qrexec call 'qubes.TemplateSearch' failed.
[vr@dom0 ~]$ 

With kind regards,

Viktor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e401d5aa-3837-4beb-bd23-1e8dcc6853b8n%40googlegroups.com.