> Unman: > > I suggest you read the docs: > > www.qubes-os.org/doc/firewall has a section on allowing traffic in to > > qubes. > > Thank you for the link. It provided a good foundation. > > > But this may not be what you want. It reads as if you want to have > > sys-net operating as a router. You can do this quite simply by changing > > the iptables configuration and using proxy arp to make sure that the > > external network sees the qubes behind the router. > > Alternatively you could use the netvm as a gateway to the network of > > qubes, and make sure that THAT route is propagated on your internal > > network. > > Thank you, it seems like using proxy arp is the way to go for me. That way I > can still use a dynamic address for my NetVM.
I'm getting back to this thread, still haven't got everything working: My NetVM is connected to a local network 10.0.0.0/16, and gets a dynamic IP via DHCP. AppVMs connect directly to the NetVM, without any firewall, and all firewall rules has been removed from NetVM. All networking is now working fine, both between AppVMs and from AppVMs and into the 10.0.0.0/16 network. Now I need to have the AppVMs available from the 10.0.0.0/16 network... Where do I need to enable arp_proxy to make this happen? Only on the NetVM interface connected to the 10.0.0.0/16 network, or also on the vif interfaces on the NetVM, or in the AppVMs also?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/382450c2-11c6-40dc-9bea-03840335c104%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
