-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-11-06 11:36, trash wrote: > Good Evening > > The last week I've read something very interesting about Qubes-os in a French > magazine. I've tested it for several days and it remains some important > questions. > I sent a mail to benbaill...@idpresse.com who told me contact you for further > explanations. > That's what I'm doing. >
Hello Dom, Thank you for your interest in Qubes! Just so you know, we like to have (non-private) Qubes discussions on our mailing lists. This allows other knowledgeable people from the community to chime in and allows information to be shared with everyone. It also makes the discussion searchable for other people in the future. So, I'm CCing our qubes-users mailing list in my reply (please keep this address CCed if you reply). You can read more about our mailing lists here: https://www.qubes-os.org/mailing-lists/ > > 1/ How could I use ssh to manage qubes-os ( not secure but may be useful > sometimes). > If you mean from dom0, then this currently breaks the Qubes security model, which entails that dom0 has no network access. (Remote management is planned for the future.) It might currently be possible, but it's not supported. This has come up on the MLs a number of times in the past, so you might consider doing some searches and reading through the results of others' attempts. > 2/ When I create a "black default vm, ican see in parameters that networking > is not allowed, but between a "green" one and a "blue " one I cant find any > differences. So Is it me who decide I will surf only on save sites with a > "blue vm" or are there some parameters modified by the system (iptables for > example). It's not very clear to me. > Yes, you ultimately get to decide what the colors means. When you create a new VM of any color (including black), there are no pre-configured differences based on that color. The color is merely a label. (I suspect that you examined the properties of an existing black VM, perhaps the "vault" created during installation.) By default, the assumption is that black is the most trusted color, while red is the least trusted. But you're free to overturn this assumption if you wish. > 3/ I can connect my synology and manage my shares directories via my web > browser but not via > nautilus (or others ) with the command smb://192.168.X.Y:aaaa > (I'm asking for login/password but after, I can't access my shared > directories/files ). > I'm not sure about this one, as I don't use a Synology product. This sounds like it's probably not Qubes-specific, but perhaps rather a Samba/Fedora issue. Maybe someone else can shed light here. > 4/ And the most important, about the firewall: > > One vm +"deny network access exept " no Internet link -->normal > > One vm +"deny......exept 192.168.X.Y:aaaa --> connection on the nas Synology > -->normal > > One vm +"deny.....exept * -->openbar-->normal > > One vm + "deny....exept phoenixjp.com --> I can connect the site but can't > reach the further links. It seems to be normal but not suitable for me. > > how coulld I solve this problem if I want to access http, https, ftp > > Be sure I've surfed on many sites trying to find clues, but without many > success. > It sounds like you want to allow connections on all protocols to the entire IP range or CIDR block associated with that domain. Take a look at the documentation here: https://www.qubes-os.org/doc/qubes-firewall/ The comments in this issue might also be relevant or helpful to you: https://github.com/QubesOS/qubes-issues/issues/879 > You're certainly the people able to help, It seems to me that a Qubes-os well > mastered could be very secured for my network. Actually I can see the amount > of possibilities but cant master the essential security parameters to use it > in "production" (my home network). > > At any rate, very good job > > Best regards > > Dom Courtiol > Thanks! Welcome to Qubes! - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYH+uPAAoJENtN07w5UDAw6KAQAMNG60VYyopHWlmZOxBVvzqg /v15OWnwzvM5Mr0QDlOYYwJLE2qUOWL2n91sQWt/5BQ2FeHhBwf8KlSZOpKjNJi0 oRmuXsxrhJczvEDrygdLY/cuqYPwCSHUJQhYgZQK1792D+lMcnea+xAmH8D4nrFZ Wr9xjCo7sGalijfrOY0tJpXCBsDc4uOzxJaE94yWtakK/vnK/Um5SfEx66wcT5xl HHcKNAwHWzWraIXItdP++VOH5997dmp8Z0KjefuLFm03CnTy51Jks3AcxvUpGf2A fLjzQEW1Yg19Rda7DJuP+u4RI9MKjZzPzrXzBRazzQaSc5nXoKj7TUgxJRfAwPsu G2KH2EhToK0djNpuQEFOXkBRxQ8InqvfQbaQuTN1NdUT3FoSJIYyCzwDMTjF7Q5Q +YuIpCVj9vCpYifkBWb4fTboia/2xkFRH+CQ31NguNC7hZYOq+RaWXtwyVWS3tq2 lKyq/JU04GrcRJ2l7XjyAMM91zerq14PUz4APO7fyZeI4UOTm++O98ySgfMwxMPj QXWdJzlbzOoyDfOIYoqx8du58AQ10hVVEvVhU+jEClEwI5Obi6CEW4b2shM7sZXp aCS047exJm9lhObnu2cbUOdwNkbO6j7lWx+Gqb4RFcGsCEbEL15Zh8a6tusyDWEB fqTi7K1kMSxo4DZZbLcI =ypJD -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/60917edc-8d52-91ae-a36a-08f02e332754%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
