-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek Marczykowski-Górecki > escribió: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > Hi, > > > > > > I have two network devices and one only USB controller, so both devices > > > are in the same VM (sys-usb). I want to route some app-VMs by one network > > > and the rest by the other network, for that I have created two firewall > > > VMs but both are connected to the same network VMs because, as I > > > commented, I can not divide the network devices in different VMs. > > > By default all the traffic is going by only one network device. This is > > > the configuration in my sys-usb: > > > > > > [user@sys-usb ~]$ ip route list > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > > > metric 100 > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src 192.168.8.100 > > > metric 100 > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > I know how to route a traffic to an specific IP using "ip route add" to a > > > determined device network, but How can I route the complete traffic from > > > one firewall VM by one device network and the traffic from other firewall > > > VM by the other device network? > > > > Source based-routing is tricky in Linux in general. You can search for > > some guides on the internet. > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > devices to different VM - some separate netvm, or even one of those > > firewallvms directly (and do not attach this firewallvm to any netvm). > > It may work slightly slower, but should be much easier. > > Thanks for your tip Marek, but I am having an error with the USB assign: > > The ethernet adapter in the sys-usb VM: > [user@sys-usb ~]$ lsusb > ... > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > Ethernet > ... > > And when I try to assing them to the sys-net VM in dom0: > [user@dom0 ~]$ qvm-usb > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 > sys-usb:4-9 8087:07dc 8087_07dc > sys-usb:4-11 0bda:573c > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: printf: > write error: Invalid argument > > Any idea or a detailed reference about this functionality?
Check kernel messages in sys-net. It looks like kernel driver rejects this device for some reason. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXtdghAAoJENuP0xzK19csjmEH/RKN1Wo8EsllAJ0jUfHcp4AP GtjhLUYdU+zM2b+h37CLqGCLJ98Eeh4J/CMTH4B7MD6Y5TbCsJNfSxlLYfduPC4Y zQa/MCDQ09Rof/iipT6SSXX/vRG+NyO+ssMWZM2URjGO0/IXyf0+RM7BI8syPq/L FoNXyJU36F8BNAcihQZIJ1pDwj1gfEz8JJUEhX1rQgSvjUm7mmdpV2DCF1fYZ/OS LsIBGrz+Ugja7dcYhwcxz1VkpXwPvExI/JceiLvlNxILwRaBtaBPMbX23CmknvB8 T31N1IgJSxUQDgcPEhgu8MpHFyHmR5XhCQZmAJ+eMimhDdv4faLTCr2NKvXCSlg= =/uUW -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160818154536.GJ9166%40mail-itl. For more options, visit https://groups.google.com/d/optout.
