----- On May 11, 2020, at 10:16 AM, qubes-users qubes-users@googlegroups.com
wrote:
> Here is full summary of where I am at. Could someone please provide guidance
> with this? Thank you very much.
>
>
> Qubes OS version
> Qubes OS R4.0
>
> Affected component(s) or functionality
> Networking
>
> Brief summary
> I tried to separate everything into two subnets, meaning 2 NICs, 2 gateways
> (sys-net), 2 firewalls. Everything works on the network before the new gw and
> after it. All qubes can communicate to the firewall. After the gateway
> everything works properly on the physical network as designed and can get out
> to the internet if I connect any client to it other than the new gateway.
>
> The main gateway remains functional but the new one can't get on the network,
> hence the whole chain doesn't work.
>
> To Reproduce
> Steps to reproduce the behavior (I tried 3 different way, same results):
> First Version:
> Simply clone the main gateway from Qubes Manager.
>
> Second Version:
> From dom0 (as root) under /srv/formulas/base/virtual/machines/formula
> duplicate and edit the following two files: sys-net.top and sys-net.sls and
> run qubesctl state.apply qvm/sys-net2 to create a new sys-net from scratch.
>
> Third version:
> Create new standalone VM, mark "provides networking"
>
> Expected behavior
> My hope was that once I have a new sys-net I can just assign the other NIC to
> it and connect to the network just like the main gateway
>
> Actual behavior
> If I leave the advanced network manager on DHCP then the gw is not getting an
> IP from the server. (If I connect any other non-Qubes clients they get an IP
> right away). If I set the IP manually then it "takes it" but I still cannot
> get on the network, and can't get online.
>
> Additional context
> The physical setup is this: modem <--> pfsense firewall <--> Unifi Switch <-->
> Server Running Qubes
>
> The server has two built in NICs, one PCI and one WiFi. It might be important
> that if I assign all 3 (not in use) NICs to the 2nd gw then only 1 has a mac
> address. The other 2 show up as ens[0-9] but I don't see a mac
>
> The network is setup so that the main gw on Qubes is on the main LAN segment
> on the network. The 2nd gw has a designated VLAN setup
>
> Solutions you've tried
> 1) To make sure everything works on the server running Qubes and the network
> itself I used a live boot Linux and tried all NICs. Every NIC was able to
> connect to both the main LAN and the separate VLAN using both DHCP and manual
> IP settings.
>
> 2) As I listed above I tried cloning the 2nd gw from the main one and I tried
> creating from scratch
>
> 3) I tried editing the gw network settings through nmcli and the GUI
>
> 4) I booted the server with a Fedora 31 live USB, set network settings
> manually, copied out the /etc/sysconfig/network-scripts/ifcfg-interface-name
> and manually entered all those through nmcli
>
> Just to reiterate once more, the network setup outside of Qubes is 100%
> functional. If I connect any machines to any segment of network to any port on
> the switch they always work as intended.
>
> --
Hello. I have a similar setup but without a VLAN - never been a fan. I have a
4-port pfsense router (community edition on a Protectli appliance), a couple of
small unmanaged switches and a couple of Ubiquiti APs. I cloned sys-net &
sys-firewall to, say, sys-net-play & sys-firewall-play.
My Qubes box has 2 wired NICs - one is assigned the default network, the other
play. I added a new DHCP scope to the pfsense for play (typical consumer class
c), tossed a couple of firewall rules on the pfsense box for both subnets to
prevent traffic between them. Each LAN has its own switch and AP.
From my Qubes box, I can assign either network to any VM. In fact, I do just
that to remote control some hobby gear I have on the play net.
I am wondering if you might need to use two wired NICs.
DG