Re: [qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-10 Thread Dupéron Georges
>
> > Sometimes github.com resolves to 192.30.253.112 and .113 and
> > today(at least) they don't allow port 22 ssh, so `git push` fails like
> > ssh: connect to host github.com port 22: No route to host
>

You can also run qvm-firewall --reload your-github-vm.

I assigned a shortcut in the task bar to reload the firewall of all VMs for
sites with many IP addresses; you could go one step further and do it
constantly:

while sleep 60; do for vm in your-github-vm some-other-vm blah blah; do
qvm-firewall --reload "$vm"; done; done

If the VM is currently halted, it does not attempt to start it, and does
not trigger any error :) .

> ok, it's because of Qubes because having a rule in Firewall like "
> github.com" "ssh" "tcp" which apparently adds an iptables(?) rule based on
> resolved IP at the time(of AppVM start?), and github having changing IPs
> ("We do not recommend whitelisting by IP address," from:
> https://help.github.com/articles/about-github-s-ip-addresses/ )

From experience, the IP is resolved on VM start.

Cheers,
Georges Dupéron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAKQnwqYyrvZa_L31YEMem8O_Y9wWaDV9fHnsAtT3PbM0xKbd_A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-07 Thread 'awokd' via qubes-users

Marcus Linsner wrote on 2/7/19 2:31 PM:

> On Thursday, February 7, 2019 at 2:17:19 PM UTC, Marcus Linsner wrote:
> > On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote:
> > > On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote:
> > > > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote:
> > > > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at least)
> > > > > they don't allow port 22 ssh, so `git push` fails like
> > > > > ssh: connect to host github.com port 22: No route to host
> > > > >
> > > > > I noticed however that when it resolves to something like 140.82.112.40 (unsure
> > > > > exactly the IP) then ssh works and `git push` succeeds!
> > > >
> > > > the working IP is 140.82.118.3
> > >
> > > grreat, now not even that IP works anymore:
> > > ssh: connect to host github.com port 22: No route to host
> > >
> > > i'm guessing some epic sshd bug is being exploited? :D silly speculation(s)
> >
> > ok, it's because of Qubes because having a rule in Firewall like "github.com" "ssh" "tcp"
> > which apparently adds an iptables(?) rule based on resolved IP at the time(of AppVM start?), and github having changing
> > IPs ("We do not recommend whitelisting by IP address," from:
> > https://help.github.com/articles/about-github-s-ip-addresses/ )
> >
> > so basically, it was my fault :)
>
> oh and I forgot to mention that because ping always works even if everything
> else is denied(in AppVM's Firewall tab), it threw me off :) it's a Qubes
> feature, I know.

You probably figured out already that if you determine and add all 
of Github's IPs to your SSH firewall rules, you can have what you're
looking for.
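
[Added example, not part of any poster's message and not Qubes code: a small POSIX shell check for the stale-rule situation discussed in this thread. Given the addresses or ranges a firewall rule currently allows and the addresses a name resolves to now, it lists the resolved addresses the rule does not cover. The function names (ip_to_int, in_cidr, uncovered) are hypothetical, and the /24 ranges are constructed for illustration, not GitHub's published list.]

```shell
#!/bin/sh
# Added example: list resolved addresses that a pinned allowlist no longer covers.

# Dotted-quad IPv4 -> integer; fails on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR ENTRY: 0 if ADDR is inside ENTRY (a.b.c.d or a.b.c.d/len),
# 1 if it is outside, 2 if either argument is malformed.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$net" = "$2" ] && bits=32               # bare address means /32
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    ip_i=$(ip_to_int "$1") || return 2
    net_i=$(ip_to_int "$net") || return 2
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( ip_i & mask )) -eq $(( net_i & mask )) ]
}

# uncovered "ALLOWLIST" ADDR...: print each ADDR that no allowlist entry covers.
# Malformed entries never match, so a bad rule cannot hide a gap.
uncovered() {
    allow=$1; shift
    for addr in "$@"; do
        hit=no
        for entry in $allow; do
            if in_cidr "$addr" "$entry"; then hit=yes; break; fi
        done
        [ "$hit" = yes ] || echo "$addr"
    done
}

# Constructed scenario using addresses quoted in the thread: the rule was
# pinned to one address at VM start, and the name later resolves to others.
pinned="140.82.118.3"
now="192.30.253.112 192.30.253.113 140.82.118.3"
echo "not covered by pinned rule: $(uncovered "$pinned" $now | tr '\n' ' ')"
# Constructed ranges for illustration only, not GitHub's published list.
ranges="140.82.118.0/24 192.30.253.0/24"
echo "not covered by ranges: $(uncovered "$ranges" $now | tr '\n' ' ')"
```

[In practice the second argument list would come from a fresh lookup of the name inside the VM; an empty result means the current rule set still covers every address the name resolves to.]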




[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-07 Thread Marcus Linsner
On Thursday, February 7, 2019 at 2:17:19 PM UTC, Marcus Linsner wrote:
> On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote:
> > On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote:
> > > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote:
> > > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at 
> > > > least) they don't allow port 22 ssh, so `git push` fails like
> > > > ssh: connect to host github.com port 22: No route to host
> > > > 
> > > > I noticed however that when it resolves to something like 140.82.112.40 
> > > > (unsure exactly the IP) then ssh works and `git push` succeeds!
> > > 
> > > the working IP is 140.82.118.3
> > 
> > grreat, now not even that IP works anymore:
> > ssh: connect to host github.com port 22: No route to host
> > 
> > i'm guessing some epic sshd bug is being exploited? :D silly speculation(s)
> 
> ok, it's because of Qubes because having a rule in Firewall like "github.com" 
> "ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at 
> the time(of AppVM start?), and github having changing IPs ("We do not 
> recommend whitelisting by IP address," from: 
> https://help.github.com/articles/about-github-s-ip-addresses/ )
> 
> so basically, it was my fault :)


oh and I forgot to mention that because ping always works even if everything 
else is denied(in AppVM's Firewall tab), it threw me off :) it's a Qubes 
feature, I know.



[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-07 Thread Marcus Linsner
On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote:
> On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote:
> > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote:
> > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at 
> > > least) they don't allow port 22 ssh, so `git push` fails like
> > > ssh: connect to host github.com port 22: No route to host
> > > 
> > > I noticed however that when it resolves to something like 140.82.112.40 
> > > (unsure exactly the IP) then ssh works and `git push` succeeds!
> > 
> > the working IP is 140.82.118.3
> 
> grreat, now not even that IP works anymore:
> ssh: connect to host github.com port 22: No route to host
> 
> i'm guessing some epic sshd bug is being exploited? :D silly speculation(s)

ok, it's because of Qubes because having a rule in Firewall like "github.com" 
"ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at 
the time(of AppVM start?), and github having changing IPs ("We do not recommend 
whitelisting by IP address," from: 
https://help.github.com/articles/about-github-s-ip-addresses/ )

so basically, it was my fault :)

But still, I'd like to know an answer to my OP question: but I'm gonna guess 
I'll have to use dnsmasq instead of any kind of /etc/hosts, that is, for global 
effect.



[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-07 Thread Marcus Linsner
On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote:
> On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote:
> > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at 
> > least) they don't allow port 22 ssh, so `git push` fails like
> > ssh: connect to host github.com port 22: No route to host
> > 
> > I noticed however that when it resolves to something like 140.82.112.40 
> > (unsure exactly the IP) then ssh works and `git push` succeeds!
> 
> the working IP is 140.82.118.3

grreat, now not even that IP works anymore:
ssh: connect to host github.com port 22: No route to host

i'm guessing some epic sshd bug is being exploited? :D silly speculation(s)



[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?

2019-02-07 Thread Marcus Linsner
On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote:
> Sometimes github.com resolves to 192.30.253.112 and .113 and today(at least) 
> they don't allow port 22 ssh, so `git push` fails like
> ssh: connect to host github.com port 22: No route to host
> 
> I noticed however that when it resolves to something like 140.82.112.40 
> (unsure exactly the IP) then ssh works and `git push` succeeds!

the working IP is 140.82.118.3
