Re: [qubes-users] Re: Qubes as server
On Sun, Aug 26, 2018 at 06:45:56AM -, 'awokd' via qubes-users wrote: > On Sat, August 25, 2018 2:50 pm, Unman wrote: > > > The Qubes networking structure is flexible enough to let you do pretty > > much whatever you like without unduly compromising security. > > Say someone would like to set up an internal vswitch with multiple VMs on > it with one acting as a gateway, or set up multiple portgroups each on its > own VLAN trunked outside. This can be relatively easily accomplished with > some virtualization products, but Qubes isn't really designed to > accommodate lab/server setups like that. > But Xen is, and you *can* implement this should you wish. But as you say Qubes isn't designed for this purpose. I wasn't clear enough though. VLANs are just a tool, not an end in themselves. It's almost always possible to build a Qubes infrastructure that provides the isolation that VLANs provide. In the time I've been working with Qubes I haven't found a real world implementation that cant be accommodated with some careful thought. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180827112033.5zqp646sdso5hcpy%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes as server
On Sat, August 25, 2018 2:50 pm, Unman wrote: > The Qubes networking structure is flexible enough to let you do pretty > much whatever you like without unduly compromising security. Say someone would like to set up an internal vswitch with multiple VMs on it with one acting as a gateway, or set up multiple portgroups each on its own VLAN trunked outside. This can be relatively easily accomplished with some virtualization products, but Qubes isn't really designed to accommodate lab/server setups like that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2fd121e8752be4eb3a522a4a39f81a47.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes as server
On Saturday, August 25, 2018 at 7:51:01 AM UTC-7, Unman wrote: > On Sat, Aug 25, 2018 at 06:40:01AM -0700, Who Cares wrote: > > I did the same and you just should keep in mind that the sys-firewall would > > block any communication between VM's or between Clients and Qubes VM´s. > > > > Someone posted this Link: > > https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes > > it helped a lot. > > > > Just make sure that you either update iptable rules for each of your > > Service VM´s (for example Web-server-VM) or connect the Service VM's > > directly to sys-net without sys-firewall but this is, I think, not > > recommended. > > > > Definitely not recommended and unnecessary. > The Qubes networking structure is flexible enough to let you do pretty > much whatever you like without unduly compromising security. > > If you have 2 NICS, you could allocate one to a new sys-net and get even > greater isolation between your standard qubes and those offering > external services: DMZ on the cheap. > > unman Great, thank you both for your responses. I'll check into inter-qube networking and see what makes sense for me. Mostly I am concerned with just making a given qube accessible to outside, I don't think I care about inter-qube networking too much beyond that. One other thing I am wondering about is how feasible it is to selectively allow a given qube/VM to access a given directory (and only that directory) of my server's media drives. In particular, I am also wondering how well Qubes works with ZFS in practice (I have taken a quick look at the Qubes ZFS info page and see it does support it), as currently all my data is in a zpool. Should I expect trouble with either of those aspects? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a6ddf11-3cca-47d1-8aac-ffd86b63ab61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes as server
On Sat, Aug 25, 2018 at 06:40:01AM -0700, Who Cares wrote: > I did the same and you just should keep in mind that the sys-firewall would > block any communication between VM's or between Clients and Qubes VM´s. > > Someone posted this Link: > https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes > it helped a lot. > > Just make sure that you either update iptable rules for each of your Service > VM´s (for example Web-server-VM) or connect the Service VM's directly to > sys-net without sys-firewall but this is, I think, not recommended. > Definitely not recommended and unnecessary. The Qubes networking structure is flexible enough to let you do pretty much whatever you like without unduly compromising security. If you have 2 NICS, you could allocate one to a new sys-net and get even greater isolation between your standard qubes and those offering external services: DMZ on the cheap. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180825145059.qwzs3unbb6zlpaf3%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes as server
I did the same and you just should keep in mind that the sys-firewall would block any communication between VM's or between Clients and Qubes VM´s. Someone posted this Link: https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes it helped a lot. Just make sure that you either update iptable rules for each of your Service VM´s (for example Web-server-VM) or connect the Service VM's directly to sys-net without sys-firewall but this is, I think, not recommended. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e2df1ac-8416-4e9c-bc09-41455391a23c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes as Server OS?
On Thursday, December 22, 2016 at 3:41:25 PM UTC-5, stevenwi...@gmail.com wrote: > I thought about the fact if its possible to use Qubes OS as a Server OS for > example for shared hosting or for application servers,etc. > > You could basically use Template VMs and start AppVMs running the needed > softwares for example on a shared hosting system. > > Would something in this direction even be possible and would any other use > cases be possible too? > > I guess its possible to use it as VM Host too? > > Are you using Qubes OS internally in some way like for the web server or at > the moment not? :D alot of overhead man just use a barebones system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f78b724-a9c2-4398-8d5d-7b43b1e94873%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
