Re: [qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
> > > Sometimes github.com resolves to 192.30.253.112 and .113 and > today(at least) they don't allow port 22 ssh, so `git push` fails like > > ssh: connect to host github.com port 22: No route to host > You can also run qvm-firewal --reload your-github-vm. I assigned a shortcut in the task bar to reload the firewall of all VMs for sites with many IP addresses, you could go one step further and do it constantly: while sleep 60; do for vm in your-github-vm some-other-vm blah blah; qvm-firewal --reload "$vm"; done; done If the VM is currently halted, it does not attempt to start it, and does not trigger any error :) . > ok, it's because of Qubes because having a rule in Firewall like " github.com" "ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at the time(of AppVM start?), and github having changing IPs ("We do not recommend whitelisting by IP address," from: https://help.github.com/articles/about-github-s-ip-addresses/ ) >From experience, the IP is resolved on VM start. Cheers, Georges Dupéron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAKQnwqYyrvZa_L31YEMem8O_Y9wWaDV9fHnsAtT3PbM0xKbd_A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
Marcus Linsner wrote on 2/7/19 2:31 PM: On Thursday, February 7, 2019 at 2:17:19 PM UTC, Marcus Linsner wrote: On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote: On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote: On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote: Sometimes github.com resolves to 192.30.253.112 and .113 and today(at least) they don't allow port 22 ssh, so `git push` fails like ssh: connect to host github.com port 22: No route to host I noticed however that when it resolves to something like 140.82.112.40 (unsure exactly the IP) then ssh works and `git push` succeeds! the working IP is 140.82.118.3 grreat, now not even that IP works anymore: ssh: connect to host github.com port 22: No route to host i'm guessing some epic sshd bug is being exploited? :D silly speculation(s) ok, it's because of Qubes because having a rule in Firewall like "github.com" "ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at the time(of AppVM start?), and github having changing IPs ("We do not recommend whitelisting by IP address," from: https://help.github.com/articles/about-github-s-ip-addresses/ ) so basically, it was my fault :) oh and I forgot to mention that because ping always works even if everything else is denied(in AppVM's Firewall tab), it threw me off :) it's a Qubes feature, I know. You probably figured out already that if you determine and add all ofGithub's IPs to your SSH firewall rules, you can have what you're looking for. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe7531fb-8b15-67b8-3484-af1e904b55aa%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
On Thursday, February 7, 2019 at 2:17:19 PM UTC, Marcus Linsner wrote: > On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote: > > On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote: > > > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote: > > > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at > > > > least) they don't allow port 22 ssh, so `git push` fails like > > > > ssh: connect to host github.com port 22: No route to host > > > > > > > > I noticed however that when it resolves to something like 140.82.112.40 > > > > (unsure exactly the IP) then ssh works and `git push` succeeds! > > > > > > the working IP is 140.82.118.3 > > > > grreat, now not even that IP works anymore: > > ssh: connect to host github.com port 22: No route to host > > > > i'm guessing some epic sshd bug is being exploited? :D silly speculation(s) > > ok, it's because of Qubes because having a rule in Firewall like "github.com" > "ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at > the time(of AppVM start?), and github having changing IPs ("We do not > recommend whitelisting by IP address," from: > https://help.github.com/articles/about-github-s-ip-addresses/ ) > > so basically, it was my fault :) oh and I forgot to mention that because ping always works even if everything else is denied(in AppVM's Firewall tab), it threw me off :) it's a Qubes feature, I know. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/deddad62-b99d-45eb-9df2-317f4cf35bdc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
On Thursday, February 7, 2019 at 1:44:00 PM UTC, Marcus Linsner wrote: > On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote: > > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote: > > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at > > > least) they don't allow port 22 ssh, so `git push` fails like > > > ssh: connect to host github.com port 22: No route to host > > > > > > I noticed however that when it resolves to something like 140.82.112.40 > > > (unsure exactly the IP) then ssh works and `git push` succeeds! > > > > the working IP is 140.82.118.3 > > grreat, now not even that IP works anymore: > ssh: connect to host github.com port 22: No route to host > > i'm guessing some epic sshd bug is being exploited? :D silly speculation(s) ok, it's because of Qubes because having a rule in Firewall like "github.com" "ssh" "tcp" which apparently adds an iptables(?) rule based on resolved IP at the time(of AppVM start?), and github having changing IPs ("We do not recommend whitelisting by IP address," from: https://help.github.com/articles/about-github-s-ip-addresses/ ) so basically, it was my fault :) But still, I'd like to know an answer to my OP question: but I'm gonna guess I'll have to use dnsmasq instead of any kind of /etc/hosts, that is, for global effect. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/047dce15-fbf4-4cb7-88f6-b65d06c94506%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
On Thursday, February 7, 2019 at 1:04:07 PM UTC, Marcus Linsner wrote: > On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote: > > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at > > least) they don't allow port 22 ssh, so `git push` fails like > > ssh: connect to host github.com port 22: No route to host > > > > I noticed however that when it resolves to something like 140.82.112.40 > > (unsure exactly the IP) then ssh works and `git push` succeeds! > > the working IP is 140.82.118.3 grreat, now not even that IP works anymore: ssh: connect to host github.com port 22: No route to host i'm guessing some epic sshd bug is being exploited? :D silly speculation(s) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b76d8eaa-1aa2-4c18-af8c-65e74960386c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to set some DNS entries in /etc/hosts for some hosts?
On Thursday, February 7, 2019 at 12:57:39 PM UTC, Marcus Linsner wrote: > Sometimes github.com resolves to 192.30.253.112 and .113 and today(at least) > they don't allow port 22 ssh, so `git push` fails like > ssh: connect to host github.com port 22: No route to host > > I noticed however that when it resolves to something like 140.82.112.40 > (unsure exactly the IP) then ssh works and `git push` succeeds! the working IP is 140.82.118.3 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12ba1cc4-24ca-4145-9323-ae28a436c5dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.