-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Aug 18, 2016 at 10:34:55AM -0700, Adrian Rocha wrote: > El jueves, 18 de agosto de 2016, 10:50:14 (UTC-6), Marek Marczykowski-Górecki > escribió: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > On Thu, Aug 18, 2016 at 09:12:35AM -0700, Adrian Rocha wrote: > > > El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek > > > Marczykowski-Górecki escribió: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA256 > > > > > > > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > > > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > > > > Marczykowski-Górecki escribió: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > Hash: SHA256 > > > > > > > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > > > > Hi, > > > > > > > > > > > > > > I have two network devices and one only USB controller, so both > > > > > > > devices are in the same VM (sys-usb). I want to route some > > > > > > > app-VMs by one network and the rest by the other network, for > > > > > > > that I have created two firewall VMs but both are connected to > > > > > > > the same network VMs because, as I commented, I can not divide > > > > > > > the network devices in different VMs. > > > > > > > By default all the traffic is going by only one network device. > > > > > > > This is the configuration in my sys-usb: > > > > > > > > > > > > > > [user@sys-usb ~]$ ip route list > > > > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src > > > > > > > 172.20.2.255 metric 100 > > > > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > > > > 192.168.8.100 metric 100 > > > > > > > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > > > > > > > I know how to route a traffic to an specific IP using "ip route > > > > > > > add" to a determined device network, but How can I route the > > > > > > > complete traffic from one firewall VM by one device network and > > > > > > > the traffic from other firewall VM by the other device network? > > > > > > > > > > > > Source based-routing is tricky in Linux in general. You can search > > > > > > for > > > > > > some guides on the internet. > > > > > > > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > > > > devices to different VM - some separate netvm, or even one of those > > > > > > firewallvms directly (and do not attach this firewallvm to any > > > > > > netvm). > > > > > > It may work slightly slower, but should be much easier. > > > > > > > > > > Thanks for your tip Marek, but I am having an error with the USB > > > > > assign: > > > > > > > > > > The ethernet adapter in the sys-usb VM: > > > > > [user@sys-usb ~]$ lsusb > > > > > ... > > > > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 > > > > > Gigabit Ethernet > > > > > ... > > > > > > > > > > And when I try to assing them to the sys-net VM in dom0: > > > > > [user@dom0 ~]$ qvm-usb > > > > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > > > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 > > > > > sys-usb:4-9 8087:07dc 8087_07dc > > > > > sys-usb:4-11 0bda:573c > > > > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > > > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > > > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: > > > > > printf: write error: Invalid argument > > > > > > > > > > Any idea or a detailed reference about this functionality? > > > > > > > > Check kernel messages in sys-net. It looks like kernel driver rejects > > > > this device for some reason. > > > > > > > > > > This is the message in sys-net: > > > [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: > > > super-speed > > > > > > And I see this in sys-usb: > > > [ 3095.918081] usbip-host 5-2: stub up > > > [ 3095.920893] usbip-host 5-2: recv a header, 0 > > > [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using > > > xhci_hcd > > > [ 3096.038562] usbip-host 5-2: device reset > > > > Ok, so the reason is the device being USB3.0, which isn't supported by > > the driver, unfortunately. Try plugging it into USB2.0 port. > > > > Ahh ok, I tried in the USB 2.0 port, and now I can assign it. But I see in > the sys-net that it is recognized for a while but never connects to the > network. After a few seconds the device returns to the sys-usb VM. This are > de messages in sys-net VM: > > [ 7277.118612] vhci_hcd vhci_hcd: rhport(0) sockfd(0) devid(262154) speed(3) > speed_str(high-speed) > [ 7277.321126] usb 2-1: new high-speed USB device number 2 using vhci_hcd > [ 7277.526125] usb 2-1: new high-speed USB device number 3 using vhci_hcd > [ 7277.731179] usb 2-1: new high-speed USB device number 4 using vhci_hcd > [ 7277.731224] usb 2-1: SetAddress Request (4) to port 0 > [ 7277.754530] usb 2-1: New USB device found, idVendor=0b95, idProduct=1790 > [ 7277.754571] usb 2-1: New USB device strings: Mfr=1, Product=2, > SerialNumber=3 > [ 7277.754598] usb 2-1: Product: AX88179 > [ 7277.754617] usb 2-1: Manufacturer: ASIX Elec. Corp. > [ 7277.754629] usb 2-1: SerialNumber: 000000000000:9 > [ 7279.201825] ax88179_178a 2-1:1.0 eth0: register 'ax88179_178a' at > usb-vhci_hcd-1, ASIX AX88179 USB 3.0 Gigabit Ethernet, a0:ce:c8:01:9d:5a > [ 7279.201937] usbcore: registered new interface driver ax88179_178a > [ 7279.232276] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready > [ 7279.582818] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready > [ 7282.764712] ax88179_178a 2-1:1.0 eth0: ax88179 - Link status is: 1 > [ 7282.773797] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready > [ 7323.025920] vhci_hcd: connection closed > [ 7323.025957] vhci_hcd: stop threads > [ 7323.025964] vhci_hcd: release socket > [ 7323.025968] vhci_hcd: disconnect device > [ 7323.025996] usb 2-1: USB disconnect, device number 4
Take a look at kernel messages in sys-usb at this point of time. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO0EAAoJENuP0xzK19csbJIH/1NhSZkGgEuT94VjhD8M8NKN oXh6nt6jOBmeZ/msN0y2W+hG5N4z2u1zn23XPKmEt9weDkGREC+S/m35JM1xFrK1 631e00pCTpIsz2p3Bwv6kF0+bGg70gfsPSkwJqvR5ll7zkTD8P7Nqu8zSbJ/F3yh 0pHVgNE0zJXXGPa4Eo/a5S8H68BHOZf2KHALeTchiYmw7ex52GMOgN9O1gS++hQK xPq3IYsdQ8TAP1tMSf0bJxvHNsWzBgX43n8NOiirZiXUanqFWFAzWFVt3hFYfV2f fTBuRVJgSvtrfdyPJaD1R1Zd4bsziD9LQ4QlCFXIufC4ReLKtjnbzPtU3Vv8RFY= =12rd -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021845.GL21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
