Le mardi 14 février 2017 13:08:37 UTC+1, Joe Ruether a écrit : > On Monday, February 13, 2017 at 9:35:52 PM UTC-5, Joe Ruether wrote: > > Ok, I need to simplify this. I need help, I don't know what I am missing. > > Is anyone able to recreate the following netcat test? > > > > I cannot seem to get the DNAT portion of the iptables to work at all. Here > > is a very simple test: > > > > On the proxyvm, I use the following rules to redirect port 5353 to > > localhost, and allow the connection: > > > > iptables -t nat -I PR-QBS 1 -d 10.137.4.1 -p tcp --dport 5353 -j DNAT > > --to-destination 127.0.0.1 > > iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT > > > > Then, on the proxyvm, I run the following command to listen on that port > > (no other service is running on that port): > > > > nc -l -p 5353 > > > > Finally, on the AppVM, I run the following command: > > > > nc 10.137.4.1 5353 > > > > My expectation is that the two netcats will connect, however they don't. > > What do I need to do to get my AppVM to talk to my ProxyVM? Thanks > > Well, I feel like a fool, I finally figured it out. I realized the DNAT rules > aren't necessary at all, so all I needed was this: > > iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT > > Of course I overcomplicated such a simple problem... I learned a bunch about > iptables though. > > I also have the PiHole adblocker working now. In case anyone stumbles onto > this thread trying to do the same thing, the final trick was to add the Qubes > vif interfaces to a dnsmasq config file to it would listen on them.
Hi Joe, I'm would like to build a similar setup, with pi-hole as a proxyVM for some browsing AppVM on my fresh Qubes 4.0 install. I'm quite a beginner to Qubes (and to linux more genrally) and I'm struggling following what you've done to make it work. (I have also tried to follow some other instructions here: https://blog.tufarolo.eu/how-to-configure-pihole-in-qubesos-proxyvm/ but either I'm missing something, or it doesn't work like this anymore with 4.0) Have you updated your setup to Qubes 4.0 if needed ? Would you please agree to summarize as simply and clearly as possible the necessary steps to make it work for a noob like me. Thanks Tom -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5231186a-8856-45b6-8b7b-67fcfe9bf86d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.