Setting up firewall for mail and seeing traffic for individual appvms?


Stumpy

Sep 17, 2017, 5:35:10 PM
to Qubes users
One of the many things on my checklist is to set up some of my appvms
with proper fw rules. I thought I'd start with gmail that I use with a
mail client. I thought it would just be:
smtp.gmail.com
imap.gmail.com
and set it for smtp and imap services using tcp protocol.
Afaik those are the two servers that the client connects to, it's what I
have set in my client but it seems I haven't set something right because
the client can't send/receive anything.

So two questions:
1) Is there something I am missing with the above settings and
2) Is there a way I can see the incoming/outgoing traffic for this one
appvm? (which I am guessing would help give me a better idea of what
servers/addresses I need to add to my firewall).

Stumpy

Sep 17, 2017, 5:36:46 PM
to Qubes users
duh. I forgot to also mention that I do have the "deny network access
except" radio button checked

Stumpy

Sep 17, 2017, 5:46:59 PM
to Frosty, Qubes users


On 17.09.2017 23:41, Frosty wrote:
> Hi Stumpy,
>
> Are you using sys-whonix to enter the internet? If yes you probably
> have to open port 9000 on the firewall, because tor traffic goes
> through port 9000
>
>
> Regards.
Hi Frosty,

Thx 4 that.

In this case I am not using whonix but I did plan on setting up some of
my whonix appvms/firewalls later so that might come in handy.
Regarding ports, is there a GUI way to add ports, i.e. vm manager ->
firewall dialog box, or does that require editing iptables?

Cheers

Unman

Sep 17, 2017, 7:45:14 PM
to Stumpy, Frosty, Qubes users
Hi Stumpy

One problem that you face is that those names map to a number of
different IP addresses.
When you use a name in the firewall editor it is resolved when you set
up the rule to 1 IP address. You should therefore make a note of the IP
addresses and use them in the editor.

The entries you make here are reflected in the FORWARD chain of the
proxy upstream. You can inspect these by opening a terminal in that qube
(e.g. sys-firewall) and using 'iptables -L -nv' - look in the FORWARD
chain and you will see entries for the mail qube. You should also be
able to see the counters incrementing when you try to make a connection.

unman
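The inspection step described above, worked into a small script as an added example (it is not code from the thread or from Qubes itself): it parses 'iptables -L -nv' output, keeps only the FORWARD chain, and reports the rules whose source is one qube's IP so you can see which rules match packets and how many packets hit a DROP. The output below is a constructed sample, and the qube IPs (10.137.2.15, 10.137.2.20) and the exact column layout are assumptions.

```shell
#!/bin/sh
# Constructed sample of 'iptables -L -nv' output (not captured from a real
# sys-firewall). Columns: pkts bytes target prot opt in out source destination [extra]
SAMPLE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     tcp  --  vif+   *       10.137.2.15          173.194.76.108       tcp dpt:587
    0     0 ACCEPT     tcp  --  vif+   *       10.137.2.15          108.177.15.108       tcp dpt:993
    3   180 DROP       all  --  vif+   *       10.137.2.15          0.0.0.0/0
    5   300 ACCEPT     all  --  vif+   *       10.137.2.20          0.0.0.0/0
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
'

# Print the FORWARD-chain rules whose source column equals the given qube IP
# as "pkts target destination extra...". Stops at the next "Chain" header so
# INPUT/OUTPUT rules are never mixed in.
forward_rules_for() {
  printf '%s\n' "$SAMPLE" | awk -v ip="$1" '
    /^Chain /            { inchain = ($2 == "FORWARD"); next }
    inchain && $8 == ip  { printf "%s %s %s %s %s\n", $1, $3, $9, $10, $11 }'
}

# Number of FORWARD rules that exist for the qube.
rule_count_for() {
  forward_rules_for "$1" | awk 'END { print NR }'
}

# Rules for the qube whose packet counter is still 0: the rule is present but
# the client never produced traffic that reached it (wrong IP or port?).
unused_rule_count() {
  forward_rules_for "$1" | awk '$1 == 0 { n++ } END { print n+0 }'
}

# Packets dropped for the qube: non-zero means the client tried to reach
# a destination or port that no ACCEPT rule covers.
dropped_packets_for() {
  forward_rules_for "$1" | awk '$2 == "DROP" { n += $1 } END { print n+0 }'
}
```

Run it in the proxy qube with the sample replaced by `iptables -L -nv` output and pass the mail qube's IP; rules with zero counters plus a growing DROP counter point at a destination the allow list does not yet cover.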

Stumpy

Sep 18, 2017, 9:01:30 AM
to Unman, Frosty, Qubes users
Hey Unman,
Thx for the detailed explanation/howto. I will def give those a try!
Cheers