On Tue, Jul 18, 2017 at 09:08:20AM -0700, Max wrote:
> On Tuesday, 18 July 2017 23:45:13 UTC+8, Unman  wrote:
> > On Tue, Jul 18, 2017 at 08:33:37AM -0700, Max wrote:
> > > Hi,
> > > 
> > > I have installed the Bitcoin Core client and wish to allow inbound 
> > > connections. Has anyone tried doing this? I am able to connect to the 
> > > network with outbound connections but have had no success when trying to 
> > > get inbound connections.
> > > 
> > > I have taken these steps:
> > > 
> > > 1) Installed Bitcoin GUI in the template VM
> > > 2) Run it in a dedicated AppVM, downloaded the entire blockchain and am 
> > > in sync
> > > 3) Configured port forwarding on the router, removed the firewall
> > > 4) Followed the port forwarding steps 
> > > (https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world)
> > >  but replaced the port 443 in the instructions with 8333
> > > 5) Tried to Telnet the IP address on the sys-net (appears to be 
> > > 192.168.1.18 on the wlp0s1) and do check node on bitnodes.21.co but it is 
> > > unable to connect to host / says my IP is unreachable
> > > 
> > > Any advice?
> > > 
> > > Thanks,
> > > 
> > > Max
> > > 
> > 
> > I'm always worried when I see comments like "removed the firewall", or
> > global changes to firewall rules. This is almost never the right thing
> > to do. You should be able to put new permissive rules in the firewall
> > and retain other protections.
> > 
> > Anyway, 192.168.. is a private address, not routable on the internet.
> > What you want to provide is the EXTERNAL IP address on your router.
> > If you don't know this you can check it using nwtools.com, unless you're
> > using Tor or a VPN, in which case just log in to the router and check.
> > 
> > unman
> 
> Hi Unman,
> 
> Regarding the firewall changes - possibly I wasn't clear.
> 
> The statement removing the firewall was simply me disabling it on the router. 
> I wanted to eliminate this as a possibility before raising my questions here. 
> The only changing of the firewall I have done in the Qubes OS is the iptables 
> changes on the sys-net and sys-firewall VMs.
> 
> As far as I understand, whilst I may have been a bit of a fool to put in my 
> private address in the telnet, the Bitnodes website was testing the correct 
> port on the external IP address I have. I am getting an unreachable message 
> here. I only did the internal address from a different device on the same 
> network.
> 
> Thanks,
> 
> Max
> 

Hi Max,

If you can monitor the router, you should be able to see the inbound
traffic when you run that test.
You can also run 'iptables -L -nv' on sys-net, and watch counters - again,
you should see the counter increment when you run the test. (Watch a
rule that allows traffic to port 8333, obviously)
You can also watch counters on sys-firewall and the target qube.

By doing all this you should be able to see where the traffic is being
blocked, without needing to use a network sniffer or dumping traffic.

Start at the outmost node, and work inwards. At the point where you don't
see traffic you know the problem lies one hop upstream, (unless it
doesn't get to the router obviously).

If you see the traffic inbound at the destination qube, then it's
possible that you are blocking the return traffic on the way out. Just
reverse the process to trace the outbound traffic.

unman
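
The counter check described in the message above, as an added example that is not part of the original thread: it compares two saved snapshots of 'iptables -L -nv' output and reports whether rules for a port counted new packets. The function names, the snapshot files and the sample output (chain contents, interface, 10.137.0.5) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare two saved snapshots of
# `iptables -L -nv` output to see whether rules for a port counted new packets.

# port_pkts FILE PORT: total packets counted by rules matching "dpt:PORT".
port_pkts() {
    awk -v port="$2" '
        # Without -x, iptables abbreviates large counters with K/M/G.
        function expand(v,  n) {
            n = substr(v, 1, length(v) - 1)
            if (v ~ /K$/) return n * 1000
            if (v ~ /M$/) return n * 1000000
            if (v ~ /G$/) return n * 1000000000
            return v + 0
        }
        $0 ~ ("dpt:" port "( |$)") { total += expand($1) }
        END { printf "%d\n", total }
    ' "$1"
}

# hop_verdict BEFORE AFTER PORT: prints "seen" if the counters grew.
hop_verdict() {
    b=$(port_pkts "$1" "$3"); a=$(port_pkts "$2" "$3")
    if [ "$a" -gt "$b" ]; then echo seen; else echo not-seen; fi
}

# Constructed sample output; chain contents and addresses are made up.
sample() {   # sample PKTS_FOR_8333
    cat <<EOF
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   $1   180 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.137.0.5           tcp dpt:8333
    4   240 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            10.137.0.5           tcp dpt:83330
EOF
}

# Demo: snapshot, run the external test, snapshot again, compare.
tmp=$(mktemp -d)
sample 0 > "$tmp/before"; sample 3 > "$tmp/after"
echo "sys-net port 8333: $(hop_verdict "$tmp/before" "$tmp/after" 8333)"
rm -rf "$tmp"
```

On a real hop, replace the sample files with 'iptables -L -nv > before' and 'iptables -L -nv > after' taken around the external test. Adding -x makes iptables print exact counters, so a handful of new packets is not hidden behind a rounded K or M value.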
