On Sun, Jan 31, 2021 at 02:25:19PM -0800, Josefa Hays wrote:
> I have a service on LAN multicasting UPnP, port 1900. Other devices on
> LAN discover the service without problems. My AppVM does not detect it. 
> 
> Packets from the server look like "protocol: UDP, port: 1900, source
> ip: $SERVER_LAN-IP, destination ip: 239.255.255.250"
> 
> How do I make the UPnP multicast reach an AppVM, i.e. how do I forward
> the traffic on port 1900 to the relevant VM? 
> 
> I have played around with
> https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world
> but without success. I am not completely new to IPTABLES, but somehow I
> lost a point somewhere. When should I use 239.255.255.250 as destination
> in iptables commands, and when should I use the IP of sys-firewall/app-vm?
> 
> (this is quite a replica of
> https://groups.google.com/g/qubes-users/c/BrbVe6s0aqE/m/ZsGKsMruCAAJ
> that didn't receive a follow-up answer)
> 
> 
> Best regards,
> Jo
> 

It would be helpful if you were to post the commands that you used
(*showing where you ran them*), and what "without success" means.
I'm working blind here.

I'm assuming that the netvm has an address on the 239.255.255.250
network. You don't use this as the destination address for anything.

On the netvm: a rule to forward packets from $SERVER_LAN-IP, udp:1900
to sys-firewall.
On sys-firewall: a rule to forward packets from $SERVER_LAN-IP,
udp:1900 to the target qube.
On the qube: a rule to ACCEPT INCOMING packets from $SERVER_LAN-IP, udp:1900.

What template are you using for sys-net and sys-firewall?

If you provide the IP addresses for sys-net, sys-firewall and qube, I
can walk you through the detail.
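
The three per-hop rules listed above, written out as iptables commands in an added example that is not part of the original message. The addresses are placeholders (the thread gives none), and the script only prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints the rules for each hop; it does not apply them.
# All three addresses are placeholders; the thread does not give real ones.
SERVER_LAN_IP="192.0.2.10"   # stands in for $SERVER_LAN-IP
FIREWALL_IP="10.137.0.6"     # assumed sys-firewall address
QUBE_IP="10.137.0.20"        # assumed target qube address

# Reject anything that is not a dotted-quad IPv4 before it lands in a rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Forwarding hop: rewrite the destination to the next hop and allow the
# forwarded packet, matching only the server's source address and udp/1900.
forward_rules() {
    is_ipv4 "$1" || { echo "bad next hop: $1" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -s $SERVER_LAN_IP -p udp --dport 1900 -j DNAT --to-destination $1"
    echo "iptables -I FORWARD -s $SERVER_LAN_IP -d $1 -p udp --dport 1900 -j ACCEPT"
}

# Final hop: accept the packet on the qube itself.
accept_rule() {
    echo "iptables -I INPUT -s $SERVER_LAN_IP -p udp --dport 1900 -j ACCEPT"
}

# Map each hop named in the reply to its rule set.
rules_for() {
    case "$1" in
        sys-net)      forward_rules "$FIREWALL_IP" ;;
        sys-firewall) forward_rules "$QUBE_IP" ;;
        qube)         accept_rule ;;
        *)            echo "unknown hop: $1" >&2; return 1 ;;
    esac
}

for hop in sys-net sys-firewall qube; do
    echo "# run in $hop:"
    rules_for "$hop"
done
```

Once the rules are applied, `iptables -t nat -L PREROUTING -v -n` on each forwarding hop shows whether the packet counter on the new rule is increasing.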

