Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?
Got it!!! The package qubes-template-minimal-stub prevent the install of tinyproxy. In order to do that, you have to install with the full package name: sudo dnf install tinyproxy.x86_64 I don't know if you have to do something else but it worked for me!!! Dominique! On Monday, February 13, 2017 at 9:04:17 PM UTC-5, Dominique St-Pierre Boucher wrote: > What do you mean, forcing install by version number? > > I looked into the difference between the minimal and the full version of the > template... Missing the tinyproxy.conf file and missing 2 lines in the > iptables: > -A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j > REDIRECT > -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT > > Did I missed a step somewhere? > > Thanks Dominique > On Monday, February 13, 2017 at 6:41:55 PM UTC-5, Unman wrote: > > On Mon, Feb 13, 2017 at 10:59:14PM +, Unman wrote: > > > On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher > > > wrote: > > > > Hello, > > > > > > > > I have the exact same issue!!! Tinyproxy does not seems to work > > > > correctly and I never worked with TinyProxy before. > > > > > > > > Please Help > > > > > > > > Thanks > > > > > > > > Dominique > > > > > > > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote: > > > > > Hello, > > > > > > > > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following > > > > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to > > > > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on > > > > > Fedora-24 by new ones based on Fedora-24-minimal. > > > > > > > > > > Default minimal template works perfectly as a ProxyVM. Cloned > > > > > template > > > > > with network device firmware and recommended packages effectively > > > > > provide an internet connection but does not allow updates of > > > > > TemplateVMs. > > > > > > > > > > As a workaround, it is possible to update those TemplateVMs using > > > > > sys-whonix as NetVM. Another workaround is to use the default netVM > > > > > based on fedora-23 while keeping the default fedora-24-minimal as > > > > > firewall. > > > > > > > > > > Any idea on how to setup the new NetVM to allow those updates without > > > > > those workarounds? > > > > > > > > > > Thanks > > > > > > > > > > If I remember the qubes-stub package stops straightforward installation > > > of many of the netvm packages. I assume you worked around this issue. > > > > > > The obvious places to look are: > > > "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic > > > to the tinyproxy. > > > And "systemctl status qubes-updates-proxy" to see what the status of > > > tinyproxy is. > > > > > > Look at those outputs and you may be able to see the problem. > > > > > > unman > > > > I've just run through the configuration, forcing installs by using the > > version number, and it works fine. > > Don't forget that you have to enable the qubes-update-proxy service: > > qvm-service -e qubes-update-proxy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4865210-be72-48c8-837c-ab415a2efbb9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?
What do you mean, forcing install by version number? I looked into the difference between the minimal and the full version of the template... Missing the tinyproxy.conf file and missing 2 lines in the iptables: -A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT Did I missed a step somewhere? Thanks Dominique On Monday, February 13, 2017 at 6:41:55 PM UTC-5, Unman wrote: > On Mon, Feb 13, 2017 at 10:59:14PM +, Unman wrote: > > On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher wrote: > > > Hello, > > > > > > I have the exact same issue!!! Tinyproxy does not seems to work correctly > > > and I never worked with TinyProxy before. > > > > > > Please Help > > > > > > Thanks > > > > > > Dominique > > > > > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote: > > > > Hello, > > > > > > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following > > > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to > > > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on > > > > Fedora-24 by new ones based on Fedora-24-minimal. > > > > > > > > Default minimal template works perfectly as a ProxyVM. Cloned template > > > > with network device firmware and recommended packages effectively > > > > provide an internet connection but does not allow updates of > > > > TemplateVMs. > > > > > > > > As a workaround, it is possible to update those TemplateVMs using > > > > sys-whonix as NetVM. Another workaround is to use the default netVM > > > > based on fedora-23 while keeping the default fedora-24-minimal as > > > > firewall. > > > > > > > > Any idea on how to setup the new NetVM to allow those updates without > > > > those workarounds? > > > > > > > > Thanks > > > > > > > If I remember the qubes-stub package stops straightforward installation > > of many of the netvm packages. I assume you worked around this issue. > > > > The obvious places to look are: > > "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic > > to the tinyproxy. > > And "systemctl status qubes-updates-proxy" to see what the status of > > tinyproxy is. > > > > Look at those outputs and you may be able to see the problem. > > > > unman > > I've just run through the configuration, forcing installs by using the > version number, and it works fine. > Don't forget that you have to enable the qubes-update-proxy service: > qvm-service -e qubes-update-proxy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05139270-7128-4ab5-9752-a54fa3bc7f80%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?
On Mon, Feb 13, 2017 at 10:59:14PM +, Unman wrote: > On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher wrote: > > Hello, > > > > I have the exact same issue!!! Tinyproxy does not seems to work correctly > > and I never worked with TinyProxy before. > > > > Please Help > > > > Thanks > > > > Dominique > > > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote: > > > Hello, > > > > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following > > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to > > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on > > > Fedora-24 by new ones based on Fedora-24-minimal. > > > > > > Default minimal template works perfectly as a ProxyVM. Cloned template > > > with network device firmware and recommended packages effectively > > > provide an internet connection but does not allow updates of TemplateVMs. > > > > > > As a workaround, it is possible to update those TemplateVMs using > > > sys-whonix as NetVM. Another workaround is to use the default netVM > > > based on fedora-23 while keeping the default fedora-24-minimal as > > > firewall. > > > > > > Any idea on how to setup the new NetVM to allow those updates without > > > those workarounds? > > > > > > Thanks > > > > If I remember the qubes-stub package stops straightforward installation > of many of the netvm packages. I assume you worked around this issue. > > The obvious places to look are: > "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic > to the tinyproxy. > And "systemctl status qubes-updates-proxy" to see what the status of > tinyproxy is. > > Look at those outputs and you may be able to see the problem. > > unman I've just run through the configuration, forcing installs by using the version number, and it works fine. Don't forget that you have to enable the qubes-update-proxy service: qvm-service -e qubes-update-proxy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170213234153.GB26318%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?
On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher wrote: > Hello, > > I have the exact same issue!!! Tinyproxy does not seems to work correctly and > I never worked with TinyProxy before. > > Please Help > > Thanks > > Dominique > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote: > > Hello, > > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on > > Fedora-24 by new ones based on Fedora-24-minimal. > > > > Default minimal template works perfectly as a ProxyVM. Cloned template > > with network device firmware and recommended packages effectively > > provide an internet connection but does not allow updates of TemplateVMs. > > > > As a workaround, it is possible to update those TemplateVMs using > > sys-whonix as NetVM. Another workaround is to use the default netVM > > based on fedora-23 while keeping the default fedora-24-minimal as firewall. > > > > Any idea on how to setup the new NetVM to allow those updates without > > those workarounds? > > > > Thanks > If I remember the qubes-stub package stops straightforward installation of many of the netvm packages. I assume you worked around this issue. The obvious places to look are: "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic to the tinyproxy. And "systemctl status qubes-updates-proxy" to see what the status of tinyproxy is. Look at those outputs and you may be able to see the problem. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170213225914.GA26318%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?
Hello, I have the exact same issue!!! Tinyproxy does not seems to work correctly and I never worked with TinyProxy before. Please Help Thanks Dominique On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote: > Hello, > > I am running Qubes 3.2 on a laptop smoothly for some days. Following > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on > Fedora-24 by new ones based on Fedora-24-minimal. > > Default minimal template works perfectly as a ProxyVM. Cloned template > with network device firmware and recommended packages effectively > provide an internet connection but does not allow updates of TemplateVMs. > > As a workaround, it is possible to update those TemplateVMs using > sys-whonix as NetVM. Another workaround is to use the default netVM > based on fedora-23 while keeping the default fedora-24-minimal as firewall. > > Any idea on how to setup the new NetVM to allow those updates without > those workarounds? > > Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d576bb3-a1ad-423d-b340-80ea9036b849%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.