On 2017-12-01 10:30, awokd wrote: > On Thu, November 30, 2017 22:36, pr0xy wrote: > >> Specifically I need to pass HTTP, HTTPS and FTP through >> the corporate proxies. I modified your example to this: >> >> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 80:443 -j DNAT --to >> proxy.example.com:8080 >> iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 21 -j DNAT --to >> proxy.example.com:10021 >> >> I placed that in the /rw/config/rc.local of sys-net and made it >> executable. Rebooting the machine shows that it's persistent, and they >> show up in the PREROUTING section when I check >> iptables --table nat --list >> >> Problem is that AppVMs connected to the sys-firewall > sys-net don't >> seem to take advantage of those settings. For example, I can't use >> Firefox to connect to internet sites without manually setting the proxy >> in the browser. Likewise, TemplateVMs with the same routing can't >> update. > > Might depend on how that corporate proxy is configured. For example, if it > requires authentication. How friendly/linux savvy are the people who admin > it?
I'm the first person to run anything non-Windows in this network, so this is new territory. It's a Squid 3.3.8 proxy for HTTP and HTTPS. The FTP proxy is something else. There are no usernames or passwords required for the proxy. They gave me all the settings and told me to work it out if I want to use Qubes, so that's what I'm trying to do... >> Should I instead be making these iptables settings in a ProxyVM, and >> connect like: AppVM/StandaloneVM/TemplateVM > ProxyVM > sys-firewall > >> sys-net? > > This would be my approach for flexibility but either should work. All the documentation I'm seeing makes me think it should work as well. I'm not looking into the option of setting environment variables on each template to see if that might work. So far the only other option that has worked is to manually set the proxy in each piece of software, in each AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc84b6ebf3f6d04aeb09afbe8639f3c2%40riseup.net. For more options, visit https://groups.google.com/d/optout.
