Hi Micah, you're taking the opposite the usual strategy I do on my extra firewall vms -- by adding a rule rather than removing one. Could you try on the appropriate firewall vm:
iptables -D FORWARD 3 # where rule 3 should be the rule to drop all packets between the vif interfaces This should be equivalent to what you're doing but might be worth a check. Also I'm sure you've noticed whenever the firewall vm has a change to its rules, it'll reload and we have to re-execute this (anyone have ideas for that btw?). Two other things I just want to check you've remembered to do: - specifically *allow* forwarding to the vm ip block for each of the vms that need to communicate -- aka add 10.137.5.0/24 or whatever to the firewall rules of each vm - configure the host OS's input chain to allow connections in on the given port from any, or at least related and the other vm ip -- this one I have forgotten before on HVMs and been very confused lol... a whole OS...wat Hope that gives you some ideas. I take it you are also doing something like 'tcpdump -i vifX.0 icmp' to catch any icmp reject messages, if not that's a good idea too -- though mostly to see the reject messages from misconfigured forwarding. Cheers, =D anyone know how to do 'nc -l 9000' on windoze? that's always a handy test On Mon, Sep 5, 2016 at 3:04 PM, Micah Lee <mi...@micahflee.com> wrote: > On 09/05/2016 02:44 PM, Connor Page wrote: > > they should be connected to the same firewallvm, not netvm. iptables in > netvms are set up differently. > > They are connected to the same firewallvm. And I've successfully gotten > networking working between two Linux VMs using this firewallvm. It's > just not working with one of the VMs being a Windows HVM. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/5eddbdaf-ca4e-cf63-b739-1229acc0f052%40micahflee.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGq7KhoXzxCmre4rZZ_wV1KsLXmxv%3DX9FStOSu8dYihAUNxWww%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
