On Tuesday, 6 February 2018 15:04:52 UTC, Alex Dubois wrote: > On Tuesday, 6 February 2018 10:32:16 UTC, awokd wrote: > > On Mon, February 5, 2018 6:18 pm, 'awokd' via qubes-users wrote: > > > On Mon, February 5, 2018 6:01 pm, 'Tom Zander' via qubes-users wrote: > > > > >> If someone can figure out how to port-forward in 4.0, please do update > > >> the docs. I never managed to get that working. > > > > I see what you mean. If I follow > > https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world > > on R4.0, I'm not getting past the first step of: > > > > Verify you are cutting through the sys-net VM firewall by looking at its > > counters (column 2) > > > > iptables -t nat -L -v -n [counters increasing] > > > > iptables -L -v -n [not] > > > > I wonder if it's an nft vs. iptables thing? Interestingly, this procedure > > works fine: > > https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes > > . > > I did this doc long long ago. 4.0 has a new networking model. I've just > upodated to v4, I'll review it... sorry...
OK, networking is working in R4rc4, I have it working fine with a dozen of VM + my intranet traffic at home routing through QubesOS. I've started to update the doc here: https://github.com/adubois/qubes-doc/blob/master/security/firewall.md I am about to do a pull request for this first update. I do not address the main part because I believe there is a bug with /rw/config/qubes-firewall-user-script not triggering on network change that I want to report and get an understanding on how it will be addressed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4fd5212e-bf60-4216-b84c-2cf0d00f844c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.