On Fri, May 14, 2021 at 03:55:50PM +0100, [email protected] wrote:
> > > With salt? `qubesctl state.apply qvm.sys-firewall` should do it.
> >
> > But sys-firewall is just a qube with networking enabled, "provides-network"
> > set to True and
> > memory 500.
> >
>
> Ok, maybe there's another issue. Currently I'm not able to expose a port to
> outside world (outside my qubes box) which was working 1/2 year ago but now
> it doesn't:
> I've tried these scripts to do it:
> - https://github.com/QubesOS/qubes-issues/issues/5693
>   (https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248)
> - https://github.com/QubesOS/qubes-issues/issues/4028
>   (https://github.com/niccokunzmann/qvm-expose-port)
> - https://gist.github.com/jpouellet/d8cd0eb8589a5b9bf0c53a28fc530369
>
> In my vm-to-be-exposed I used besides the service I actually want to expose
> the following:
> - python3 -m http.server
> - netcat -lv port
>
> Connections in my local network to this AppVM using the IP of my qubes-NetVM
> all fail with a timeout. If I'm trying to connect from my qubes box to a
> simple ubuntu with an exposed port it works.
>
> That's why my hypothesis was that I messed up my firewall qube.
>
> Any ideas how I could tackle down the problem?
>

Have you read https://www.qubes-os.org/doc/firewall ?
What templates are you using for sys-net and sys-firewall?

Start at sys-net - you should have a rule directing inbound traffic to
<port> to sys-firewall.
Open a terminal in sys-net, and observe the counters in PRE-ROUTING and
FORWARD.
Attempt to make a connection - the counters should increment.

Do the same in sys-firewall.
Again, when you try to make a connection, you should see the counters
increment.

Do the same in the target qube.
Here you should see the counter increment in the filter chain.

Stepping down the network chain like this will help you identify where
your problem lies.
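
Added example, not part of the original message: one way to do the counter check described above is to snapshot the rules with `iptables-save -c` before and after a connection attempt and list only the rules whose packet counter moved. The function name `counters_moved`, the sample interface and the 10.137.0.x addresses are assumptions made for illustration, and the snapshots are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: list the rules whose packet counter grew
# between two `iptables-save -c` snapshots (assumes the qube uses iptables).

# counters_moved BEFORE AFTER
# Prints "<table> <chain> +<packets> <rule>" for every rule that saw new packets.
counters_moved() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # "*nat" / "*filter" header
        /^\[[0-9]+:[0-9]+\] -A / {
            split(substr($1, 2), c, ":")             # "[pkts:bytes]": c[1] is pkts
            rule = substr($0, length($1) + 2)        # rule text without counters
            key = table " " rule
            if (FNR == NR) { seen[key] = c[1] + 0; next }   # first file: remember
            delta = c[1] - seen[key]                 # a rule added later starts at 0
            if (delta > 0) printf "%s %s +%d %s\n", table, $3, delta, rule
        }
    ' "$1" "$2"
}

# Constructed sys-net snapshots around one connection attempt to port 8000.
# eth0, 10.137.0.5 and 10.137.0.9 are made-up sample values: the FORWARD rule
# still names an old address, so only the DNAT rule in PREROUTING matches.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/before" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.137.0.5
COMMIT
*filter
:FORWARD DROP [4:240]
[310:24800] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -d 10.137.0.9/32 -i eth0 -p tcp -m tcp --dport 8000 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
    sed -e 's/^\[0:0] -A PREROUTING/[3:180] -A PREROUTING/' \
        -e 's/^:FORWARD DROP \[4:240]/:FORWARD DROP [7:420]/' "$dir/before" > "$dir/after"
    counters_moved "$dir/before" "$dir/after"
    rm -rf "$dir"
}

# Real use, as root in sys-net, then sys-firewall, then the target qube:
#   iptables-save -c > before; <attempt the connection>; iptables-save -c > after
#   counters_moved before after
demo
```

In the constructed run only the nat PREROUTING rule is reported, so the packets reached sys-net and were translated but never matched the FORWARD accept rule, which places the fault in sys-net's filter table rather than further down the chain.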
