On Fri, Oct 25, 2019 at 08:04:55PM -0500, Verifiable List wrote: > Hello All, > > I use Mullvad as my VPN provider. They allow you to forward a port through > the VPN. However, I'm having a hard time wrapping my head around how to get > this to work with Qubes OS. This is what the network chain in question looks > like: > > AppVM > ProxyVM (VPN Client Here) > sys-firewall > sys-net > Internet > > Because the port is being forwarded through the VPN tunnel, I expected it to > be accessible from the ProxyVM without altering the configurations on > sys-net or sys-firewall. However, after enabling the port forward on Mullvad > and testing as described in their documentation: > > - In a terminal window, run netcat -l -p <port> > - In another terminal window, run curl > https://ipv4.am.i.mullvad.net/port/<port> > - If everything is working properly, the result will show "reachable:true". > > the result is always "reachable:false". (Note: I'm running this test on the > ProxyVM itself.) > > Any assistance would be appreciated. > > Thank you. >
If you look at the firewall rules I suspect that you will find that the inbound rule only accepts connected traffic, whereas this would be NEW. Certainly on the appVM you will need a rule to allow inbound traffic to the target port. I don't know the detail of how Mullvad deals with port forwarding, but you should be able to identify the port that is accessed (this may not be the same as the target on the appVM). I assume that in the documentation you will find a reference to what firewall ports you need to open on the ProxyVM for inbound traffic. It's *possible* that you'll have to open inbound ports on sys-firewall AND sys-net in the forward chains,depending on the implementation. Check the Mullvad docs. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191027151008.GB11475%40thirdeyesecurity.org.
