Hello,

I am trying to use the application Syncthing[1] and also an SSBC[2]-based
application like patchwork[3] on Qubes 4.0-rc1.

These applications use local discovery on your network to connect
to other local peers. For my use case, it is critical that I don't
depend on any external servers outside of my network for synchronization
of data. It is not specifically a privacy stance, but simply the fact
that I don't always have access to a reliable and speedy internet
connection, and I want some of my data to be seamlessly synchronized between
my phone and laptop (for example, camera pictures).

[1] https://syncthing.net/
[2] https://github.com/ssbc/secure-scuttlebutt
[3] https://github.com/ssbc/patchwork

Syncthing, for example, requires port 22000/tcp to be available, and
the discovery/broadcast happens on port 21027/udp. I have tried the
following setup on my sys-net:

iptables -t nat -A PREROUTING -p tcp --dport 22000 -d 192.168.0.11 -j DNAT --to-destination <sys-firewall-ip>
iptables -t nat -A PREROUTING -p udp --dport 21027 -j DNAT --to-destination <sys-firewall-ip>
iptables -I FORWARD 2 -d <sys-firewall-ip> -p tcp --dport 22000 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD 2 -d <sys-firewall-ip> -p udp --dport 21027 -m conntrack --ctstate NEW -j ACCEPT

Then on the sys-firewall I have:

iptables -t nat -A PREROUTING -p udp --dport 21027 -j DNAT --to-destination <syncthing-vm-ip>
iptables -t nat -A PREROUTING -p tcp --dport 22000 -d 10.137.0.4 -j DNAT --to-destination <syncthing-vm-ip>
iptables -I FORWARD 2 -d <syncthing-vm-ip> -p udp --dport 21027 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD 2 -d <syncthing-vm-ip> -p tcp --dport 22000 -m conntrack --ctstate NEW -j ACCEPT

Finally, on the syncthing-vm IP, I just accept everything in input (this
is temporary; I'll reduce it to only the needed listening ports when I am
able to make it work):

iptables -I INPUT 1 -j ACCEPT
But with all that my devices are not discovered on the network.
Any clue or idea how I could use this kind of tool in Qubes?

Thanks in advance for any help.

Best regards