Hi, I'm trying to find out why HVM qubes using DHCP don't work with mirage-firewall (https://github.com/mirage/qubes-mirage-firewall/issues/56).
The process seems to go like this: 1. The HVM qube makes a DHCP request over its emulated network device. 2. The DHCP server in the stub domain replies, saying the router is 10.137.0.1 (see https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/master/rootfs/init#L37). 3. The Qube tries to use this and fails, because that's not the IP address of the firewall. Testing with sys-firewall, it seems that sys-firewall responds to all ARP requests with its own address. e.g. [user@test ~]$ sudo route add 1.2.3.4 eth0 [user@test ~]$ timeout 1s ping 1.2.3.4 PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data. [user@test ~]$ sudo arp -an ? (1.2.3.4) at fe:ff:ff:ff:ff:ff [ether] on eth0 Is this the expected behaviour? What are the rules about what addresses the firewall should answer for? Thanks, -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/914dab0e-3733-43af-8b7a-6d6c7f2f5400%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.