Cant get the Http-filtering proxy to work

29 views
Skip to first unread message

Finsh

unread,
Jul 27, 2017, 10:43:26 AM7/27/17
to qubes-users
Hey Guys,

im trying to get a http-filtering proxy in a firewall vm to work for my Email-appvm.
The reason is im using a google-mail account, so i cant use the normal firewall resolving to ipadresses.

I followed the tutorial to the letter, and as far as i can tell, everything worked fine, the script can properly recognize the rule files,
when i run " sudo /rw/config/tinyproxy/proxyctl.py show " everything is as expected.
Name IP Interface Proxy_Pid
privatmail 10.137.6.19 vif10.0 1265

However, when i configure thunderbird to use the firewallvm proxy settings, the complete internet connection is blocked.

I set the Thunderbird-networksettings like so:

Port 8100 Http-proxy: 10.137.5.1 (which is the gateway of the firewall-vm)

the firewall-rules of the email-vm i set to "deny network access except..." and unchecked "allow ICMP traffic" and "allow DNS queries"

i tried everything i could think of, but just couldnt get it to work :(.

Help is much appreciated

cheers.

Unman

unread,
Jul 27, 2017, 11:36:21 AM7/27/17
to Finsh, qubes-users
I dont understand what you are trying to do here - that tutorial is for
setting up a http-filtering proxy using tinyproxy.
I'm not convinced that tinyproxy offers what you want, which is a fully
featured proxy server - that's on the assumption that you're trying to
use IMAP SMTP at gmail. I could be completely wrong about this.

If you want to test your current set-up the simplest thing to do would
be to set a proxy in firefox, and see if you can access web sites by
name and by IP address.
Depending on what filtering rule you have you should see content or see
a message from tinyproxy.

You should be able to see the traffic on your firewall, so you can
understand what is happening.
A combination of iptables -L -nv and tinyproxy logging should help you
understand what's going on on the firewall.

That way you will be clear that you have the proxy set up and working
properly.

unman

Finsh

unread,
Jul 27, 2017, 12:37:39 PM7/27/17
to qubes-users
Hey, thanks for your answer.Maybe i understood the purpose wrong, my english is horrible ;(.

What im trying to achieve is to be properly able to use my gmail account along with the others in one email-appvm, with tight firewallrules which only allow traffic with the email-provider-servers.
But since the firewall resolves to ipadresses, an the gmail-server-ipadress changes frequently , this doesnt work with gmail( it does just fine with all my other accounts though)


cheers

Reply all
Reply to author
Forward
0 new messages