On Tue, Oct 09, 2018 at 05:43:56AM -0700, jmarkdavi...@gmail.com wrote: > I am still having difficulty getting these vms to be reachable with each > other. Basically what I want to do is have a home security/automation vm, and > a freenas vm, communicate with the outside world and with the vm that > controls my access points/physical switches. > > Currently I have the usual sys-net/sys-firewall. Each service vm(access > points, freenas, etc.) Has its own firewall vm. Those fireall service vms are > all connected to sys-firewall. > > I followed the instructions in the qubes-firewall docs setting up forwarding > between the service firewalls to travel through sys-firewall. And each > service firewall vm(and their associated service vm), can ping every firewall > vm in the system. But the actual service vms themselves cannot ping each > other. > > So for example: freenas vm > freenas vm firewall > sys firewall > home > security firewall vm. > All will allow ping, but i cant get freenas to talk to home security vm, as i > intend on using the nas storage to store the camera footage. > > Similarly the home security vm can do the same amount of pings, but fails to > talk to freenas. > > I suspect NAT is the issue but lack the knowledge base to enable this to work. > > I am not particularly dead set on using all these firewall vms either but > this is the config thats gotten me the furthest so far. >
I'm not sure what pourpose you had in mind when putting in those extra firewalls. Undoubtedly they will complicate matters further. Are you intent on keeping them? What template are you using for sys-firewall? The instructions should be updated to cover nft which is now the default in Fedora templates, rather than iptables. Which template are you using for sys-net? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181010130059.kc7gqshrudxana7p%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
