> ** Offline Windows **
>
> The best feature of `qubes-windows-tools` is that you can use Windows
> offline with networking completely disabled. Without QWT, the best you can
> do is have strict firewalls everywhere but especially on your proxyVM.
>
> The only traffic that is necessary for this setup (in proxyVM):
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i vif+ -s <workVM IP> -o vif+ -d <win10 IP> \
> -p tcp --dport 3389 -m state --state NEW -j ACCEPT
>
> Drop all other windows outbound traffic entering proxyVM:
> iptables -A FORWARD -i vif+ -s <win10 IP> -j DROP
> iptables -A INPUT -i vif+ -s <win10 IP> -j DROP
>
> Some other ports that you may require:
> WSUS: tcp 8530-8531
> KMS: tcp 1688
>
Samba is a mess: tighten with -s and -d
>
I am having an issue trying to get these scripts to work in my
cloned-sys-firewall qube. I have got the two qubes communicating between
each other using the scripts here
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes
but I am not able to get the Offline Windows section to work properly. I
am getting the following error in my WorkVM Terminal "failed to connect to
<IP Address>"
I inputed the first three lines in /rw/config/qubes-firewall-user-script
and I inputed the 2 last iptables lines in /rw/config/rc.local in my
cloned-sys-firewall qube and obviously changing my IP addresses. Any ideas
as to why its not connecting?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/339d46bc-6d0d-4168-8d67-cd91abe4836e%40googlegroups.com.
