On Monday, February 13, 2017 at 9:35:52 PM UTC-5, Joe Ruether wrote:
> Ok, I need to simplify this. I need help, I don't know what I am missing. Is 
> anyone able to recreate the following netcat test?
> 
> I cannot seem to get the DNAT portion of the iptables to work at all. Here is 
> a very simple test:
> 
> On the proxyvm, I use the following rules to redirect port 5353 to localhost, 
> and allow the connection:
> 
> iptables -t nat -I PR-QBS 1 -d 10.137.4.1 -p tcp --dport 5353 -j DNAT --to-destination 127.0.0.1
> iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT
> 
> Then, on the proxyvm, I run the following command to listen on that port (no 
> other service is running on that port):
> 
> nc -l -p 5353
> 
> Finally, on the AppVM, I run the following command:
> 
> nc 10.137.4.1 5353
> 
> My expectation is that the two netcats will connect, however they don't. What 
> do I need to do to get my AppVM to talk to my ProxyVM? Thanks

Well, I feel like a fool, I finally figured it out. I realized the DNAT rules 
aren't necessary at all, so all I needed was this:

iptables -I INPUT 1 -p tcp --dport 5353 -j ACCEPT

Of course I overcomplicated such a simple problem... I learned a bunch about 
iptables though.

I also have the PiHole adblocker working now. In case anyone stumbles onto this 
thread trying to do the same thing, the final trick was to add the Qubes vif 
interfaces to a dnsmasq config file so it would listen on them.
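
Added example, not part of the original message: the DNAT rule in the quoted test rewrites the destination to 127.0.0.1, and Linux discards packets that arrive on a non-loopback interface with a loopback destination unless `route_localnet` is enabled for that interface. The sketch below scans `iptables-save` output for such rules; the function names and the sample ruleset (including the second, non-loopback DNAT rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT rules whose new destination is in 127.0.0.0/8.
# Reads `iptables-save` text on stdin, prints "table/chain -> target".
find_loopback_dnat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens a table
        $1 == "-A" {
            is_dnat = 0; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
                if ($i == "--to-destination") target = $(i + 1)
            }
            # Matches 127.x.x.x with or without a :port suffix.
            if (is_dnat && target ~ /^127\./)
                printf "%s/%s -> %s\n", table, $2, target
        }
    '
}

# Returns 0 when route_localnet is on for interface $1 (Linux sysctl).
route_localnet_enabled() {
    [ "$(cat "/proc/sys/net/ipv4/conf/$1/route_localnet" 2>/dev/null)" = "1" ]
}

# Constructed ruleset in iptables-save format, modelled on the thread.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
-A PREROUTING -j PR-QBS
-A PR-QBS -d 10.137.4.1/32 -p tcp -m tcp --dport 5353 -j DNAT --to-destination 127.0.0.1
-A PR-QBS -d 10.137.4.1/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.137.4.20
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_loopback_dnat
```

On a live ProxyVM, pipe the output of `iptables-save` (run as root) into `find_loopback_dnat` instead of the sample.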
