Re: [qubes-users] how to investigate ports which needs to be open when firewall rules seems to be to restricted

['PR' via qubes-users]

Hello Unman,


On 05/19/2017 12:01 AM, Unman wrote:

On Thu, May 18, 2017 at 01:55:31PM -0700, 'PR' via qubes-users wrote:

Hello,

when using AppVMs for special purposes, I like to use deny all firewall rules 
and only open the neccessary ports.
Unfortunately this means a step-by-step approach to find out which domains and 
ports needs to open.

Question:
Where can I find a log file which shows what the firewall is blocking from 
inside (AppVM) to outside (WAN).
I know that I've missed some ports to get things up and running, but I don't 
know where to look for them.

Hello,

You create a log file by inserting a new rule in the iptables chain,
using the LOG target.

Let's say you want to check what's happening on sys-firewall to
traffic from 10.137.1.101
iptables -L -nv will show the current rules.
Count where the current DROP rule appears in the FORWARD chain - say,
it's at position 4.
Then insert a LOG rule before that DROP rule:
iptables -I FORWARD 4 -s 10.137.1.101 -j LOG


Now all the DROPPED traffic will be logged, and you can use dmesg to
inspect those logs.

unman

perfect, thanks!!
I assume that this rule is non-persistent and will not survive a reboot 
of sys-net, correct?
This would be great as I only need this rule to fine tune my firewall 
settings.


- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7682876a-acf6-d3d6-d8de-bcbdeda51a7a%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to investigate ports which needs to be open when firewall rules seems to be to restricted

['PR' via qubes-users]

Hello,

when using AppVMs for special purposes, I like to use deny all firewall rules 
and only open the neccessary ports.
Unfortunately this means a step-by-step approach to find out which domains and 
ports needs to open.

Question:
Where can I find a log file which shows what the firewall is blocking from 
inside (AppVM) to outside (WAN).
I know that I've missed some ports to get things up and running, but I don't 
know where to look for them.

- P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9b57185-a56b-4d2e-8873-c8a2ad380b54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: strange behaviour: Win 7 HVM :: Excel working in Debug, but not in Seamless Mode

['PR' via qubes-users]

Am Dienstag, 16. Mai 2017 08:27:45 UTC+2 schrieb PR:
> [...]
> 
> I've also seen that my Outlook profile gets destroyed sometimes I seamless 
> mode.
> I think that there is something wrong with the user folder redirection to a 
> private disk when working in seamless mode.
> 
> C:\Users\MyUsername has a link to D:\ this has been done when installing 
> Qubes Tools.
> I'll try to remove this redirection and keep all files within the windows 
> image (C:) to look if this produces another result.
> 
> Any feedback on this topic would be very helpful.

I think I damaged my windows HVM trying to uninstall and reinstall Qubes Tools.
As I don't want to rebuild, I would to know how to proceed looking at the error 
messages from the Log files.

In order to troubleshoot the problem with accessing files in my user folder 
when working in seamless mode, I have startet my windows HVM with a fedore iso 
and moves D:\Users back to C:\Users, so that all files are now located in the 
windows image, not the Qubes Private image file.

I uninstalled Qubes Tools, rebooted and tried to reinstall but now the installr 
is stopping with the following error message:

"The installer has encoutered an unexpected error installing this package
 This may indicate a problem with this package. The error code is 2753"

In the log file I have a line:
Error 0x80070643: Failed to install MSI package

I have tried this various times, rebooted several times - still the same 
problem.
I'm trying to install the same Qubes Tools Version I had installed before 
(Qubes Tools for Windows 3.2.2.3).

Any hint what might be the problem 

- P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/453fb8b0-1b24-4791-8204-fd2649e985e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] New version of Qubes Screenshot Tool

['PR' via qubes-users]

Hello Eva,


On 05/11/2017 02:29 PM, Eva Star wrote:

New version of Qubes Screenshot Tool available.
Tool to quickly made screenshots and upload them to appvm/imgurl.

https://github.com/evadogstar/qvm-screenshot-tool/

Now support command line options. With them you can skip any of 3
dialogues or all of them and setup default appvm to upload screenshot to
(or use this appvm to upload screenshots to imgurl service).

Examples:
qvm-screenshot-tool.sh -r --imgurl -vm personal
qvm-screenshot-tool.sh --region-only --imgurl -vi personal


https://github.com/evadogstar/qvm-screenshot-tool/


this is great, I've tried it.
Now PrintScreen opens the dialog and CTRL + PrintScreen will send the 
region to my untrusted AppVM:
qvm-screenshot-tool.sh --region-only --upload-to-appvm-only 
--virtualmachine untrusted


Great job, thanks!!

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/97a6b77d-b1a5-d171-5448-db6f66676050%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Accessing Android phone photos

['PR' via qubes-users]

Hello Alex,

On 05/11/2017 11:41 PM, Alex wrote:
/I'm connecting my Android phone over USB to my Qubes 3.2 host and... 
nothing happens. I'm using a Fedora 24 template and a USB Qube. I've 
read the issues on github relating to this but have not found a simple 
set of instructions for accessing my phone's files over MTP. What are 
the steps? /


I have never attached my Android phone to Qubes before, but tried so a 
few minutes ago and could access it without any problems:


1) attach phone via USB

2) on the phone, switch from "Charging only" to "USB Data tranfser (MTP)"

3) Launch a dom0 Terminal, you should see your phone after entering:
[user@dom0 ~]$ qvm-usb
   ...
   sys-usb:3-3 04xx:88xx Android_Androidxxx
   ...

4) mount your phone via sys-usb to your AppVM (I've choosen my untrusted 
AppVM in this case):

[user@dom0 ~]$ qvm-usb -a untrusted sys-usb:3-3

5) Open a File Explorer in this AppVM
[user@dom0 ~]$ qvm-run untrusted nautilus

6) you should see your phone as an additional device beneath the Trash-Icon.
If not, unmount and remount the phone once:
[user@dom0 ~]$ qvm-usb -d sys-usb:3-3
[user@dom0 ~]$ qvm-usb -a untrusted sys-usb:3-3


Good luck

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25055ce5-4180-7045-17ad-c8ac5bc6fef1%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Help adding documentation to Qubes Repository

['PR' via qubes-users]

Hello,

I need some help understanding how the collaborative documentation with 
GitHub works.


I like to write down some notes after I've been able to make something work.

This might sound poor to the Linux Pro, but helps me in case I need to 
repeat those steps again.


As such I tried to create a page about multimedia on qubes, summarizing 
the steps I took to watch content from Spotify, Amazon Prime, Netflix 
and to watch DVDs.


I've created a new page on Github, but the content is not shown as 
doc/text but as code.


 How to play multimedia content

https://github.com/phrabe/qubes-doc/blob/patch-2/configuration/multimedia

I also don't know if I need to do anything so that content gets either 
published to the main branch or if it is not worth it.


Any help would be appreciated.

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b99366e-6062-03c2-7f8e-7f85993363be%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Copy/Paste images

['PR' via qubes-users]

Hello,


On 05/09/2017 10:11 PM, cooloutac wrote:

(...)
why not just use dnf in dom0?



Can I simply use dnf in dom0??
I thought (as it is a bad idea to add lots of packages to dom0) I need 
to download the packages in an App-VM, transfer it to dom0 via "qvm-run 
--pass-io APPVM 'Path/to/file/in/AppVM' > /path/in/dom0/file"


If I try to run "sudo dnf install scrot" in dom0 I get a "No package 
scrot available"

(which shouldn't work by design)

According to the documentation 
(https://www.qubes-os.org/doc/software-update-dom0/) the better way 
should be:


If I try to run "sudo qubes-dom0-update install scrot" I get:
Running command on VM: 'sys-firewall'...
(...)
No package install available.
Error: unable to find a path

What am I missing?

- P


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4678447a-d3ef-3953-d270-15dc13d6ac60%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Copy/Paste images

['PR' via qubes-users]

Hello,


On 05/09/2017 01:26 PM, Eva Star wrote:

Download it.
Move to dom0
chmod +x qvm-screenshot.sh

Then you can use it :)


I tried to install the screenshot-tool as mentioned in the 
howto:https://github.com/evadogstar/qvm-screenshot-tool


To summarize:, the requirements in dom0:

 * scrot at dom0 (recommended)
 * zenity at dom0 (needed)

I have downloaded scrot and zenity in an AppVM and moved it to dom0.
zenity is already installed in dom0, but when I try to install scrot I 
get a warning that linImlib2.so is missing.
I downloaded imlib2 (imlib2-1.4.9-1.fc23.x86_64.rpm) and moves it to 
dom0 but when trying to install it via:


dom0: sudo dnf install ./imlib2-1.4.9-1.fc23.x86_64.rpm

I get the message that libgif.so is missing.

I have therof tried to install scrot in an App-VM to find out which 
other packages get installed:


[user@untrusted Downloads]$ sudo yum install scrot
Redirecting to '/usr/bin/dnf install scrot' (see 'man yum2dnf')

Last metadata expiration check: 4:28:17 ago on Tue May  9 17:25:34 2017.
Dependencies resolved.
==
 Package Arch Version Repository   Size
==
Installing:
 giblib x86_64 1.2.4-23.fc23 fedora   28 k
 imlib2 x86_64 1.4.9-1.fc23 updates 214 k
 scrot x86_64 0.8-13.fc23 fedora   25 k
(...)

I have thereof downloaded giblib via "yumdownloader giblib" and 
transferred the file to dom0


But when I try to install giblib I get the message that "nothing 
provides libImlib2.so.1 (...) needed by giblib (...)"
When I try to install imlib2 I get the message that "nothing provides 
libgif.so.4"


*Question:*
How can I resolve this and install libgif.so.4 in dom0?
Which other packages need to be installed in dom0 so that all 
dependencies for scrot are fulfilled?


regards

- P


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad2b73dd-b1af-2cdc-e6b3-d418b30945e8%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

['PR' via qubes-users]

Hello,

I've found an easy way to play DVDs adding a few packages to my Debian 
Template based multimedia App VM.

Scroll down for a short installation howto.

On 05/08/2017 09:06 PM, cooloutac wrote:

On Monday, May 8, 2017 at 2:25:51 PM UTC-4, Ted Brenner wrote:

Yeah, I've just struggled with installing the libraries to play protected 
content. The documentation for Linux doesn't seem to be very good nor very 
up-to-date. But I can attach the DVD in an AppVM and I do have VLC installed. 
Just can't get over the next hurdle.


On Mon, May 8, 2017 at 2:15 PM, Ted Brenner  wrote:


I've struggled with multimedia as well. I've just been trying to play a DVD
but not be able to get it to work. Though I think this is not a Qubes issue
so much as a Linux issue. I have an old Mac that use for this so I haven't
been highly motivated to make it work. But I'm definitely interested in what
others find as I'd like to have one computer that can solve all my needs.

for HBO and stuff like that you need install HAL and flash and use firefox.

Another option instead of installing flash is intall pipelight and enable 
wildvine and flash throught that.   Another option for netflix is to enable 
silverlight through that if you rather use ff for netflix.


To play DVDs within Qubes I have used my new multimedia App VM (which 
can also play Spotify and Netflix, see post from yesterday).

The multimedia App-VM is based on the Debian 8 Template in Qubes 3.2

Some suggested to install the whole desktop within the Debian Image, I 
don't want to install everything but only the stuff, that is really needed.

As such I have looked at the Debian documentation

1. Launch Debian 8 Template VM and install the Qubes Proxy Tools, so
   that you can pass your (external?) DVD-Drive via sys-usb to the
   multimedia App-VM. Strangely the qubes-usb-proxy seems to be
   installed within the fedora template but not in the debian template.

   In Debian Template VM:
   sudo apt-get install qubes-usb-proxy
2.

   Install libdbdread4 from the default repositories:

   In Debian Template VM:
   apt-get install libdvdread4

3. Install libdvdcss for the decryption of CSS protected-DVDs.
   Because of license restrictions in various countries this can't be
   done from the Debian repositories but needs to be installed manually.
   (not that hard :-)).
   Download the packaged .deb from:
   
http://www.deb-multimedia.org/dists/stable/main/binary-amd64/package/libdvdcss2

   In Debian Template VM:
   wget
   
http://www.deb-multimedia.org/pool/main/libd/libdvdcss/libdvdcss2_1.3.0-dmo1_amd64.deb
   sudo dpkg -i libdvdcss2_1.3.0-dmo1_amd64.deb

4. I like to use VLC to playback Video/DVDs - you might want to use
   another player, but VLC works fine.
   As this is not installed in the default Debian Template:

   In Debian Template VM:
   sudo apt-get install vlc

   This will also install some dependencies.

5. Shutdown the Debian Template VM and launch your multimedia App VM

6. Plugin your external USB DVD-Drive (if you don't have an internal
   drive) and pass it to the multimedia App VM

   In dom0:
   qvm-usb -a multimedia sys-usb:3-6

7. Launch VLC

   qvm-run multimedia vlc

   Warning: a window will open in the background which will ask for
   collecting metadata information.
   I haven't seen the window as it was covered by the VLC main window,
   so that I couldn't launch any commands in this window.

8. Open DVD within VLC:
   Media > Open Disk
   You can leave the defaults (/dev/sr0) and just hit play


Enjoy your DVD, I'll try to add this to the Qubes documentation if this 
is not present.


Regards

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d679e2e-cba8-e779-ff76-77d2f6e30fa8%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

['PR' via qubes-users]

On 05/08/2017 08:22 PM, Jean-Philippe Ouellet wrote:

On Mon, May 8, 2017 at 2:15 PM, Ted Brenner 
  wrote:

I've struggled with multimedia as well. I've just been trying to play a DVD
but not be able to get it to work. Though I think this is not a Qubes issue
so much as a Linux issue. I have an old Mac that use for this so I haven't
been highly motivated to make it work. But I'm definitely interested in what
others find as I'd like to have one computer that can solve all my needs.

On Mon, May 8, 2017 at 12:45 PM, Grzesiek Chodzicki
   wrote:

W dniu poniedziałek, 8 maja 2017 19:30:16 UTC+2 użytkownik Piit napisał:

(...)
I tried to find out what is best practise to use spotify/netflix/amazon
prime/... etc. with Qubes, but it seems that this is not a common
usecase.

The problem is, that I can't those apps ins a
"multimedia-windows-app-VM" as there is no sound-support for windows
within Qubes.

And unfortunately Netflix & Co don't work out of the box with Linux.

Question: How do you use Qubes with those or similar
multimedia-services?

(...)

Tidal works in Chrome which does have a Linux client so I installed chrome
and use it to listen to music.


I've started to built a multimedia App-VM, to get Spotify/Netflix etc. 
working.

I've choosen to the Debian Template.

I had to run the following steps, is worth to add this to a new 
documentation page "multimedia under Qubes OS"?:


- How to enjox Spotify
- How to enjox Netflix
- How to enjox Amzon Prime



=
  How to enjoy Spotify under Qubes OS
=
Install-Howto: https://www.spotify.com/de/download/linux/ 



Detailed steps:

1) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 
 --recv-keys 
BBEBDCB318AD50EC6865090613B00F1FD2C19886
2) echo deb http://repository.spotify.com stable non-free | sudo tee 
/etc/apt/sources.list.d/spotify.list

3) sudo apt-get update
4) sudo apt-get install spotify-client

I could then start the native spotify client .. easy.


==
  How to enjoy Netflix under Qubes OS
==
The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0
According to the "supported browser" list Mozilla Firefox >= 47.x is needed.
I've thereoff installed Firefox v53.0.2 according to this manual:
http://libre-software.net/how-to-install-firefox-on-ubuntu-linux-mint/ 



1) download firefox from https://www.mozilla.org/en-US/firefox/new/?scene=2
direct download link:
https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0.2/linux-x86_64/en-US/firefox-53.0.2.tar.bz2 



2) unpack the downloaded file
tar -xjf firefox-53.0.2.tar.bz2

3) move the unpacked folder:
sudo mv firefox /opt/firefox53

4) Create a symlink to the new firefox version:
if you want to use the new installed firefox as "standard firefox", 
rename the original link in case you want to go back to the previous version

sudo mv /usr/bin/firefox /usr/bin/firefox-old
Create a link to the new firefox version
sudo ln -s /opt/firefox53/firefox /usr/bin/firefox

5) Launch firefox and open Preferences, Content and enable "Play DRM 
content"


That's it, login into Netflix and enjoy.



  How to enjoy Amazon Prime under Qubes OS


If you have setup everything to watch netflix (see above), Amazon Prime 
should also work.

Enjoy"

Kind regards

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09f3a1e7-fd58-2e95-0bd5-8b4d74c539af%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.