ashleybrown...@tutanota.com wrote on 2/14/19 6:28 AM:
When I look at /etc/resolv.conf in the following VMs it says different things:
1) Normal AppVM:
nameserver 10.139.1.1
nameserver 10.139.1.2
2) Sys-firewall VM:
nameserver 10.139.1.1
nameserver 10.139.1.2
3) Sys-net VM:
[actual resolvers]
The chain for DNS packets is obviously AppVM -> Sys-firewall -> sys-net
However, what I don't understand is that 10.139.1.1 does not exist. That is not
the IP address for any VM on the network. This can be verified in Qubes
Manager looking at the IP column. In addition, 10.139.1.1 refers to different
VMs depending on the VM sending the packets. In AppVM it routes to
sys-firewall. In sys-firewall it routes to sys-net.
So, my question is how does all of this work? Where exactly does any request to
10.139.1.1 route to the actual connected VM. Looking at IP table rules I do not
see where traffic sent to 10.139.1.1 goes to [sys-firewall IP here] for
example. It appears to be doing it all magically, so where is the magic?
The magic is in NAT rules (but I had to research this too.) See
https://www.qubes-os.org/doc/networking/, and "sudo iptables -t nat -L"
in sys-firewall and sys-net.
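
Added example, not part of the original thread: a small shell helper that reads nat-table rules in `iptables -t nat -S` format and prints where each DNS (port 53) DNAT rule sends a virtual nameserver address. The sample rules, the chain name PR-QBS and the 192.0.2.x upstream resolvers are constructed for illustration; only 10.139.1.1 and 10.139.1.2 come from the thread.

```shell
#!/bin/sh
# Print "proto original-destination -> rewritten-destination" for every
# DNAT rule on port 53 found in `iptables -t nat -S` style input (stdin).
dns_dnat_map() {
    awk '
    {
        dst = ""; proto = ""; dport = ""; target = ""; to = ""
        # Walk the rule spec and pick out the option/value pairs we need.
        for (i = 1; i <= NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
        }
        # Keep only DNS rewrites; MASQUERADE, ACCEPT etc. are skipped.
        if (target == "DNAT" && dport == "53" && dst != "" && to != "") {
            sub(/\/32$/, "", dst)   # 10.139.1.1/32 -> 10.139.1.1
            printf "%s %s -> %s\n", proto, dst, to
        }
    }'
}

# Constructed sample of what a sys-net style nat table could look like.
# Chain name and upstream resolver addresses are assumptions.
sample_sys_net_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N PR-QBS
-A PREROUTING -j PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PR-QBS -d 10.139.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.54
-A PR-QBS -d 10.139.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.54
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Demo on the constructed sample. On a live VM, feed it real rules instead:
#   sudo iptables -t nat -S | dns_dnat_map
sample_sys_net_rules | dns_dnat_map
```

Running it in each VM along the chain and comparing the output shows at which hop the virtual address is rewritten to a real resolver.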