On Thu, November 30, 2017 22:36, pr0xy wrote:
> Specifically I need to pass HTTP, HTTPS and FTP through
> the corporate proxies. I modified your example to this:
>
> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 80:443 -j DNAT --to proxy.example.com:8080
> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 21 -j DNAT --to proxy.example.com:10021
>
> I placed that in the /rw/config/rc.local of sys-net and made it
> executable. Rebooting the machine shows that it's persistent, and they
> show up in the PREROUTING section when I check
> iptables --table nat --list
>
> Problem is that AppVMs connected to the sys-firewall > sys-net don't
> seem to take advantage of those settings. For example, I can't use
> Firefox to connect to internet sites without manually setting the proxy
> in the browser. Likewise, TemplateVMs with the same routing can't
> update.

Might depend on how that corporate proxy is configured. For example, if it requires authentication. How friendly/Linux-savvy are the people who admin it?

> Should I instead be making these iptables settings in a ProxyVM, and
> connect like: AppVM/StandaloneVM/TemplateVM > ProxyVM > sys-firewall >
> sys-net?

This would be my approach for flexibility but either should work.