Re: [qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?
On 18.09.2017 01:45, Unman wrote:
> On Sun, Sep 17, 2017 at 11:46:53PM +0200, Stumpy wrote:
> > On 17.09.2017 23:41, Frosty wrote:
> > > Hi Stumpy,
> > >
> > > Are you using sys-whonix to enter the internet? If yes you probably
> > > have to open port 9000 on the firewall, because tor traffic goes
> > > through port 9000
> > >
> > > Regards.
> > >
> > > On 09/17/2017 11:36 PM, Stumpy wrote:
> > > > On 17.09.2017 23:34, Stumpy wrote:
> > > > > One of the many things on my checklist is to set up some of my
> > > > > appvms with proper fw rules. I thought I'd start with gmail that
> > > > > I use with a mail client. I thought it would just be:
> > > > > smtp.gmail.com
> > > > > imap.gmail.com
> > > > > and set it for smtp and imap services using tcp protocol.
> > > > > Afaik those are the two servers that the client connects to, it's
> > > > > what I have set in my client but it seems I haven't set something
> > > > > right because the client can't send/receive anything.
> > > > >
> > > > > So two questions:
> > > > > 1) Is there something I am missing with the above settings and
> > > > > 2) Is there a way I can see the incoming/outgoing traffic for this
> > > > > one appvm? (which I am guessing would help give me a better idea of
> > > > > what servers/addresses I need to add to my firewall).
> > > >
> > > > duh. I forgot to also mention that I do have the "deny network
> > > > access except" radio button chked
> >
> > Hi Frosty,
> >
> > Thx 4 that.
> >
> > In this case I am not using whonix but I did plan on setting up some of my
> > whnx appvms/firewalls later so that might come in handy.
> > Regarding ports, is there a GUI way to add ports, ie vm manager -> firewall
> > dialog box, or does that require editing iptables?
> >
> > Cheers
>
> Hi Stumpy
>
> One problem that you face is that those names map to a number of
> different IP addresses. When you use a name in the firewall editor it
> is resolved when you set up the rule to 1 IP address.
> You should therefore make a note of the IP addresses and use them in the
> editor.
>
> The entries you make here are reflected in the FORWARD chain of the
> proxy upstream. You can inspect these by opening a terminal in that qube
> (e.g. sys-firewall) and using 'iptables -L -nv' - look in the FORWARD
> chain and you will see entries for the mail qube. You should also be able
> to see the counters incrementing when you try to make a connection.
>
> unman

Hey Unman,
Thx for the detailed explanation/howto. I will def give those a try!
Cheers

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc78e6ab372ab11a202a80bda63c9df9%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?
On Sun, Sep 17, 2017 at 11:46:53PM +0200, Stumpy wrote:
> On 17.09.2017 23:41, Frosty wrote:
> > Hi Stumpy,
> >
> > Are you using sys-whonix to enter the internet? If yes you probably
> > have to open port 9000 on the firewall, because tor traffic goes
> > through port 9000
> >
> > Regards.
> >
> > On 09/17/2017 11:36 PM, Stumpy wrote:
> > > On 17.09.2017 23:34, Stumpy wrote:
> > > > One of the many things on my checklist is to set up some of my
> > > > appvms with proper fw rules. I thought I'd start with gmail that
> > > > I use with a mail client. I thought it would just be:
> > > > smtp.gmail.com
> > > > imap.gmail.com
> > > > and set it for smtp and imap services using tcp protocol.
> > > > Afaik those are the two servers that the client connects to, it's
> > > > what I have set in my client but it seems I haven't set something
> > > > right because the client can't send/receive anything.
> > > >
> > > > So two questions:
> > > > 1) Is there something I am missing with the above settings and
> > > > 2) Is there a way I can see the incoming/outgoing traffic for this
> > > > one appvm? (which I am guessing would help give me a better idea of
> > > > what servers/addresses I need to add to my firewall).
> > >
> > > duh. I forgot to also mention that I do have the "deny network
> > > access except" radio button chked
>
> Hi Frosty,
>
> Thx 4 that.
>
> In this case I am not using whonix but I did plan on setting up some of my
> whnx appvms/firewalls later so that might come in handy.
> Regarding ports, is there a GUI way to add ports, ie vm manager -> firewall
> dialog box, or does that require editing iptables?
>
> Cheers

Hi Stumpy

One problem that you face is that those names map to a number of
different IP addresses. When you use a name in the firewall editor it
is resolved when you set up the rule to 1 IP address.
You should therefore make a note of the IP addresses and use them in the
editor.

The entries you make here are reflected in the FORWARD chain of the
proxy upstream. You can inspect these by opening a terminal in that qube
(e.g. sys-firewall) and using 'iptables -L -nv' - look in the FORWARD
chain and you will see entries for the mail qube. You should also be able
to see the counters incrementing when you try to make a connection.

unman

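Added example (not part of the original thread or of Qubes itself): one way to do the counter check unman describes, by comparing two snapshots of the FORWARD chain taken before and after a connection attempt. The helper name `forward_deltas`, the qube address 10.137.2.15, the destination addresses and the rule layout are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. forward_deltas is a hypothetical helper.
# It compares two snapshots of `iptables -L FORWARD -nvx` (the -x flag prints
# exact counters instead of abbreviated ones such as 12K) and lists the rules
# for one qube whose packet counters grew in between.

forward_deltas() {   # usage: forward_deltas QUBE_IP BEFORE_TEXT AFTER_TEXT
    printf '%s\n---\n%s\n' "$2" "$3" | awk -v src="$1" '
        $0 == "---" { second = 1; next }   # separator between the snapshots
        $8 != src   { next }               # column 8 is the source address
        {
            # Identify a rule by target, protocol, destination and match text.
            key = $3 " " $4 " -> " $9
            for (i = 10; i <= NF; i++) key = key " " $i
            if (!second) { base[key] = $1; next }
            d = $1 - base[key]
            if (d > 0) printf "%+d pkts  %s\n", d, key
        }'
}

# Constructed snapshots in the standard `iptables -L -nv` column layout.
# On a real system, capture each one in the firewall qube (e.g. sys-firewall)
# with: iptables -L FORWARD -nvx
BEFORE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       4        240 ACCEPT     tcp  --  *      *       10.137.2.15          192.0.2.10           tcp dpt:993
       0          0 ACCEPT     tcp  --  *      *       10.137.2.15          192.0.2.20           tcp dpt:587
       2        120 REJECT     all  --  *      *       10.137.2.15          0.0.0.0/0            reject-with icmp-admin-prohibited
      90       5400 ACCEPT     all  --  *      *       10.137.2.16          0.0.0.0/0'

AFTER='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7        420 ACCEPT     tcp  --  *      *       10.137.2.15          192.0.2.10           tcp dpt:993
       0          0 ACCEPT     tcp  --  *      *       10.137.2.15          192.0.2.20           tcp dpt:587
       7        420 REJECT     all  --  *      *       10.137.2.15          0.0.0.0/0            reject-with icmp-admin-prohibited
     150       9000 ACCEPT     all  --  *      *       10.137.2.16          0.0.0.0/0'

# A growing REJECT counter next to an idle ACCEPT rule suggests the client
# reached for an address that no allow rule covers.
forward_deltas 10.137.2.15 "$BEFORE" "$AFTER"
```

In the constructed data the port 587 rule never increments while the reject rule does, which is the pattern to expect when a host name was pinned to one address in the firewall editor and the client later resolves it to another.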
Re: [qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?
On 17.09.2017 23:41, Frosty wrote:
> Hi Stumpy,
>
> Are you using sys-whonix to enter the internet? If yes you probably
> have to open port 9000 on the firewall, because tor traffic goes
> through port 9000
>
> Regards.
>
> On 09/17/2017 11:36 PM, Stumpy wrote:
> > On 17.09.2017 23:34, Stumpy wrote:
> > > One of the many things on my checklist is to set up some of my
> > > appvms with proper fw rules. I thought I'd start with gmail that
> > > I use with a mail client. I thought it would just be:
> > > smtp.gmail.com
> > > imap.gmail.com
> > > and set it for smtp and imap services using tcp protocol.
> > > Afaik those are the two servers that the client connects to, it's
> > > what I have set in my client but it seems I haven't set something
> > > right because the client can't send/receive anything.
> > >
> > > So two questions:
> > > 1) Is there something I am missing with the above settings and
> > > 2) Is there a way I can see the incoming/outgoing traffic for this
> > > one appvm? (which I am guessing would help give me a better idea of
> > > what servers/addresses I need to add to my firewall).
> >
> > duh. I forgot to also mention that I do have the "deny network
> > access except" radio button chked

Hi Frosty,

Thx 4 that.

In this case I am not using whonix but I did plan on setting up some of my
whnx appvms/firewalls later so that might come in handy.
Regarding ports, is there a GUI way to add ports, ie vm manager -> firewall
dialog box, or does that require editing iptables?

Cheers

[qubes-users] Re: Setting up firewall for mail and seeing traffic for individual appvms?
On 17.09.2017 23:34, Stumpy wrote:
> One of the many things on my checklist is to set up some of my
> appvms with proper fw rules. I thought I'd start with gmail that
> I use with a mail client. I thought it would just be:
> smtp.gmail.com
> imap.gmail.com
> and set it for smtp and imap services using tcp protocol.
> Afaik those are the two servers that the client connects to, it's
> what I have set in my client but it seems I haven't set something
> right because the client can't send/receive anything.
>
> So two questions:
> 1) Is there something I am missing with the above settings and
> 2) Is there a way I can see the incoming/outgoing traffic for this
> one appvm? (which I am guessing would help give me a better idea of
> what servers/addresses I need to add to my firewall).

duh. I forgot to also mention that I do have the "deny network
access except" radio button chked