On Sun, 2020-04-26 at 22:15 +0200, dhorf-hfref.4a288...@hashmail.org
wrote:
> On Sun, Apr 26, 2020 at 09:17:10PM +0200, Olaf Klinke wrote:
> > it seems that some iptables rules are set on VM boot that redirect port
> > 53 requests, but I can't get iptables inside the AppVM to divulge these
> 
> those rules should exist in your external netvm (sys-net), and point to
> the "real" nameservers as received by dhcp (or configured via netmanager).
> 
> that way the individual appvms do not need to know about that part
> of external configuration.
> 
> i have seen the rules get "lost" (actually: point to useless IPs) on
> some kinds of external reconfiguration events.
> (like hard restarting the netvm of a vpn-vm)
> 
> 
Indeed. 
root@sys-net# /sbin/iptables -t nat -S PR-QBS
Lists re-directions from 10.139.1.{1,2} to $MYROUTER

In sys-firewall the translation is trivial from 10.139.1.1 to
10.139.1.1 and likewise for the other nameserver.

So the reason for the absence of any rules in the AppVM presumably is
that all traffic is handled by sys-firewall? That would mean if DNS
lookup is wonky again, I'd start looking at sys-firewall rules. 

Thanks for clarification.
Olaf
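
The check discussed in this thread, as an added example that is not part of the original messages: it parses `iptables -t nat -S PR-QBS` output from sys-net and flags DNAT targets that are not current resolvers. It assumes the "real" nameservers are the ones listed in sys-net's /etc/resolv.conf; the sample rules, addresses and function names are constructed for illustration.

```bash
# Check that sys-net's PR-QBS DNAT targets are resolvers sys-net actually uses.

# Constructed sample of `iptables -t nat -S PR-QBS` output (addresses made up).
SAMPLE_RULES='-N PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.139.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.254
-A PR-QBS -d 10.139.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.254'

# Constructed sample of /etc/resolv.conf (assumed source of the real resolvers).
SAMPLE_RESOLV='# Generated by NetworkManager
nameserver 192.168.1.1'

# Read rules on stdin; print "virtual-ip real-ip" once per distinct port-53 DNAT.
dnat_targets() {
    awk '$1 == "-A" && /--dport 53 / {
        v = ""; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { v = $(i+1); sub(/\/32$/, "", v) }
            if ($i == "--to-destination") t = $(i+1)
        }
        if (v != "" && t != "" && !seen[v " " t]++) print v, t
    }'
}

# Read resolv.conf text on stdin; print the nameserver addresses.
resolvers() { awk '$1 == "nameserver" { print $2 }'; }

# $1 = rules text, $2 = resolv.conf text. Prints stale mappings, returns 1 if any.
stale_dns_rules() {
    sdr_live=$(printf '%s\n' "$2" | resolvers)
    sdr_stale=$(printf '%s\n' "$1" | dnat_targets | while read -r virt real; do
        printf '%s\n' "$sdr_live" | grep -qxF "$real" || echo "$virt -> $real (not in resolv.conf)"
    done)
    [ -z "$sdr_stale" ] && return 0
    printf '%s\n' "$sdr_stale"
    return 1
}

# With --live (as root in sys-net) check the real chain; otherwise use the samples.
if [ "${1:-}" = "--live" ]; then
    stale_dns_rules "$(/sbin/iptables -t nat -S PR-QBS)" "$(cat /etc/resolv.conf)"
else
    stale_dns_rules "$SAMPLE_RULES" "$SAMPLE_RESOLV" || true
fi
```
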
