On 12/12/20 9:17 PM, unman wrote:
On Sat, Dec 12, 2020 at 02:47:49PM -0500, Stumpy wrote:
On 12/11/20 9:22 AM, unman wrote:
On Fri, Dec 11, 2020 at 08:56:20AM -0500, Stumpy wrote:
Is there a way to ftp to another computer on my LAN from an appvm that is
using a proxyvm?

I am able to ftp to other computers when I set this appvm to just use the
default firewall, but sometimes I forget to set it back to use a vpn vm; but
if I have the appvm using the vpn/proxy vm then I am unable to reach any of
the other computers on my LAN?

Please advise


Yes - you need to adjust the firewall rules on the vpn qube to direct
(ftp) traffic from the source ip to the local network - you could make
this *highly* specific by specifying the destination in the new rule.

pardon my ignorance but how would I do that? I know it would be in settings
-> firewall settings but after that it gets a bit fuzzy?

Well, you can't do it there, because you need to adjust the firewall
rules implemented ON the vpn qube.


What method are you using to set up the vpn?


I used the new community vpn setup


Right - but there are 2 methods outlined on that github page (if that's what
you mean by community vpn) - 3 if you include "vpn on sys-net". Did you
follow the "iptables and CLI scripts" section?

There's an added issue that you will have to consider and that is the
nature of FTP connections - when a client connects to a server, the
server may create a link back to a port specified in the original
connection: this is non-passive (active) ftp. If your FTP server does
this then you will have to enable a route through to the client qube.

The client may instead send a PASV command - then the server *may* send
back a listening port number, and the client will create a link to that
port.

So there are 4 possibilities, and the firewall rules you need will
depend on what are the capabilities of the server. Best check on that.



Thanks unman,
I used the Qubes OS contributed package "qubes tunnel".
I am not sure about my server, is there a "standard" way to check that? (the server is running unraid, which is/was based on slackware so am hoping there might be a way to check that would work on most distros?).

For the iptables and cli scripts part, would that still apply to using the "qubes tunnel" setup option?
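
The active/passive distinction described above, as an added example that is not part of the original thread or of any Qubes tooling: it reads FTP control-channel lines and lists each connection a firewall between client and server would have to permit, including its direction. The function names, the sample addresses and ports are constructed for illustration, and the control port is assumed to be the standard 21.

```python
import re

# "h1,h2,h3,h4,p1,p2" as carried by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# "(|||port|)" as carried by the 229 reply to EPSV (RFC 2428).
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def _hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def required_flows(control_lines, client_ip, server_ip):
    """Return (mode, src, dst, dport) for every connection the session needs."""
    flows = [("control", client_ip, server_ip, 21)]
    for line in control_lines:
        line = line.strip()
        if line.upper().startswith("PORT "):
            # Active: the server dials back to the address the client advertised.
            hp = _hostport(line)
            if hp:
                flows.append(("active", server_ip, hp[0], hp[1]))
        elif line.startswith("227 "):
            # Passive: the client dials the address the server advertised.
            hp = _hostport(line)
            if hp:
                flows.append(("passive", client_ip, hp[0], hp[1]))
        elif line.startswith("229 "):
            # Extended passive: port only, same host as the control channel.
            m = _EPSV.search(line)
            if m:
                flows.append(("passive", client_ip, server_ip, int(m.group(1))))
    return flows

# Constructed control-channel lines (addresses and ports are made up).
SAMPLE = [
    "PORT 10,137,0,20,195,80",
    "227 Entering Passive Mode (192,168,1,50,234,96)",
    "229 Entering Extended Passive Mode (|||60001|)",
]

if __name__ == "__main__":
    for flow in required_flows(SAMPLE, "10.137.0.20", "192.168.1.50"):
        print("%-8s %s -> %s:%d" % flow)
```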
