Re: [qubes-users] ftp'ing to a computer on my LAN from an AppVM that is using a VPN proxyVM?

2020-12-16 Thread Stumpy

On 12/12/20 9:17 PM, unman wrote:
> On Sat, Dec 12, 2020 at 02:47:49PM -0500, Stumpy wrote:
> > On 12/11/20 9:22 AM, unman wrote:
> > > On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote:
> > > > Is there a way to ftp to another computer on my LAN from an appvm that is
> > > > using a proxyvm?
> > > >
> > > > I am able to ftp to other computers when I set this appvm to just use the
> > > > default firewall, but sometimes I forget to set it back to use a vpn vm; but
> > > > if I have the appvm using the vpn/proxy vm then I am unable to reach any of
> > > > the other computers on my LAN?
> > > >
> > > > Please advise
> > >
> > > Yes - you need to adjust the firewall rules on the vpn qube to direct
> > > (ftp) traffic from the source ip to the local network - you could make
> > > this *highly* specific by specifying the destination in the new rule.
> >
> > pardon my ignorance but how would I do that? I know it would be in settings
> > -> firewall settings but after that it gets a bit fuzzy?
>
> Well, you can't do it there, because you need to adjust the firewall
> rules implemented ON the vpn qube.
>
> > > What method are you using to set up the vpn?
> >
> > I used the new community vpn setup
>
> Right - but there are 2 methods outlined on that github page (if that's what
> you mean by community vpn) - 3 if you include "vpn on sys-net". Did you
> follow the "iptables and CLI scripts" section?
>
> There's an added issue that you will have to consider and that is the
> nature of FTP connections - when a client connects to a server, the
> server may create a link back to a port specified in the original
> connection: this is non-passive (active) ftp. If your FTP server does
> this then you will have to enable a route through to the client qube.
>
> The client may instead send a PASV command - then the server *may* send
> back a listening port number, and the client will create a link to that
> port.
>
> So there are 4 possibilities, and the firewall rules you need will
> depend on what are the capabilities of the server. Best check on that.


Thanks unman,
I used the Qubes OS contributed package "qubes tunnel".
I am not sure about my server, is there a "standard" way to check that? 
(the server is running unraid, which is/was based on slackware so am 
hoping there might be a way to check that would work on most distros?).


For the iptables and cli scripts part, would that still apply to using 
the "qubes tunnel" setup option?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f227bb4d-f576-8155-2683-90c1e0692b0d%40posteo.co.


Re: [qubes-users] ftp'ing to a computer on my LAN from an AppVM that is using a VPN proxyVM?

2020-12-12 Thread unman
On Sat, Dec 12, 2020 at 02:47:49PM -0500, Stumpy wrote:
> On 12/11/20 9:22 AM, unman wrote:
> > On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote:
> > > Is there a way to ftp to another computer on my LAN from an appvm that is
> > > using a proxyvm?
> > > 
> > > I am able to ftp to other computers when I set this appvm to just use the
> > > default firewall, but sometimes I forget to set it back to use a vpn vm; but
> > > if I have the appvm using the vpn/proxy vm then I am unable to reach any of
> > > the other computers on my LAN?
> > > 
> > > Please advise
> > > 
> > 
> > Yes - you need to adjust the firewall rules on the vpn qube to direct
> > (ftp) traffic from the source ip to the local network - you could make
> > this *highly* specific by specifying the destination in the new rule.
> 
> pardon my ignorance but how would I do that? I know it would be in settings
> -> firewall settings but after that it gets a bit fuzzy?

Well, you can't do it there, because you need to adjust the firewall
rules implemented ON the vpn qube.

> 
> > What method are you using to set up the vpn?
> > 
> 
> I used the new community vpn setup
> 

Right - but there are 2 methods outlined on that github page (if that's what
you mean by community vpn) - 3 if you include "vpn on sys-net". Did you
follow the "iptables and CLI scripts" section?

There's an added issue that you will have to consider and that is the
nature of FTP connections - when a client connects to a server, the
server may create a link back to a port specified in the original
connection: this is non-passive (active) ftp. If your FTP server does
this then you will have to enable a route through to the client qube.

The client may instead send a PASV command - then the server *may* send
back a listening port number, and the client will create a link to that
port.

So there are 4 possibilities, and the firewall rules you need will
depend on what are the capabilities of the server. Best check on that.


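The active and passive cases described in the message above differ in which side opens the data connection, and that decides which extra flow the rules on the vpn qube have to pass. The following is an added example, not part of the original thread: it reads FTP control-channel lines and reports each negotiated data connection. The addresses, the transcript and the function names are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2: the address/port encoding used by PORT and by 227 replies.
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(text):
    """Return (ip, port) found in a PORT argument or 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_flows(transcript, client_ip, server_ip):
    """Return (mode, initiator, destination, dest_port) for each data
    connection negotiated in "C: ..." / "S: ..." control-channel lines."""
    flows, pending = [], None
    for line in transcript:
        side, _, msg = line.partition(": ")
        verb = msg.split(" ", 1)[0].upper()
        if side == "C" and verb in ("PORT", "PASV"):
            pending = (verb, parse_hostport(msg))
        elif side == "S" and pending:
            kind, arg = pending
            pending, code = None, msg[:3]
            if kind == "PORT" and code == "200" and arg:
                # Active: the server opens a new connection back to the client.
                flows.append(("active", server_ip, arg[0], arg[1]))
            elif kind == "PASV" and code == "227" and parse_hostport(msg):
                # Passive: the client opens a second connection to the server.
                flows.append(("passive", client_ip) + parse_hostport(msg))
            elif kind == "PASV":
                # PASV refused, not implemented, or reply not parsable.
                flows.append(("passive-refused", None, None, None))
    return flows

# Constructed transcript (not captured traffic); both addresses are made up.
SAMPLE = [
    "C: PORT 10,137,0,20,200,13",
    "S: 200 PORT command successful",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,168,1,10,195,80)",
]

if __name__ == "__main__":
    for flow in data_flows(SAMPLE, "10.137.0.20", "192.168.1.10"):
        print(flow)
```

In the active flow the destination is the address the client put in its PORT command, which is why that mode needs a route back through to the client qube.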


Re: [qubes-users] ftp'ing to a computer on my LAN from an AppVM that is using a VPN proxyVM?

2020-12-12 Thread Stumpy

On 12/11/20 9:22 AM, unman wrote:
> On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote:
> > Is there a way to ftp to another computer on my LAN from an appvm that is
> > using a proxyvm?
> >
> > I am able to ftp to other computers when I set this appvm to just use the
> > default firewall, but sometimes I forget to set it back to use a vpn vm; but
> > if I have the appvm using the vpn/proxy vm then I am unable to reach any of
> > the other computers on my LAN?
> >
> > Please advise
>
> Yes - you need to adjust the firewall rules on the vpn qube to direct
> (ftp) traffic from the source ip to the local network - you could make
> this *highly* specific by specifying the destination in the new rule.

pardon my ignorance but how would I do that? I know it would be in
settings -> firewall settings but after that it gets a bit fuzzy?

> What method are you using to set up the vpn?

I used the new community vpn setup



Re: [qubes-users] ftp'ing to a computer on my LAN from an AppVM that is using a VPN proxyVM?

2020-12-11 Thread unman
On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote:
> Is there a way to ftp to another computer on my LAN from an appvm that is
> using a proxyvm?
> 
> I am able to ftp to other computers when I set this appvm to just use the
> default firewall, but sometimes I forget to set it back to use a vpn vm; but
> if I have the appvm using the vpn/proxy vm then I am unable to reach any of
> the other computers on my LAN?
> 
> Please advise
> 

Yes - you need to adjust the firewall rules on the vpn qube to direct
(ftp) traffic from the source ip to the local network - you could make
this *highly* specific by specifying the destination in the new rule.

What method are you using to set up the vpn?
