How to setup NetVM based on fedora-24-minimal template to allow updates?


CF

Feb 6, 2017, 8:22:40 AM
to qubes...@googlegroups.com
Hello,

I have been running Qubes 3.2 smoothly on a laptop for some days. Following
https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to
replace the default NetVM (sys-net) and ProxyVM (sys-firewall) based on
Fedora-24 with new ones based on Fedora-24-minimal.

The default minimal template works perfectly as a ProxyVM. The cloned template
with network device firmware and recommended packages effectively
provides an internet connection but does not allow updates of TemplateVMs.

As a workaround, it is possible to update those TemplateVMs using
sys-whonix as NetVM. Another workaround is to use the default netVM
based on fedora-23 while keeping the default fedora-24-minimal as firewall.

Any idea on how to set up the new NetVM to allow those updates without
those workarounds?

Thanks

Dominique St-Pierre Boucher

Feb 13, 2017, 3:00:40 PM
to qubes-users, cedric....@gmail.com
Hello,

I have the exact same issue!!! Tinyproxy does not seem to work correctly and I have never worked with TinyProxy before.

Please Help

Thanks

Dominique

Unman

Feb 13, 2017, 5:59:16 PM
to Dominique St-Pierre Boucher, qubes-users, cedric....@gmail.com
If I remember the qubes-stub package stops straightforward installation
of many of the netvm packages. I assume you worked around this issue.

The obvious places to look are:
"iptables -L -nv" to ensure that you have an INPUT rule allowing traffic
to the tinyproxy.
And "systemctl status qubes-updates-proxy" to see what the status of
tinyproxy is.

Look at those outputs and you may be able to see the problem.

unman

Unman

Feb 13, 2017, 6:41:55 PM
to Dominique St-Pierre Boucher, qubes-users, cedric....@gmail.com
I've just run through the configuration, forcing installs by using the
version number, and it works fine.
Don't forget that you have to enable the qubes-updates-proxy service:
qvm-service <qube> -e qubes-updates-proxy

Dominique St-Pierre Boucher

Feb 13, 2017, 9:04:17 PM
to qubes-users, domin...@gmail.com, cedric....@gmail.com, un...@thirdeyesecurity.org
What do you mean, forcing install by version number?

I looked into the difference between the minimal and the full version of the template... Missing the tinyproxy.conf file and missing 2 lines in the iptables:
-A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT
-A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT

Did I miss a step somewhere?

Thanks Dominique

Dominique St-Pierre Boucher

Feb 13, 2017, 10:01:27 PM
to qubes-users, domin...@gmail.com, cedric....@gmail.com, un...@thirdeyesecurity.org
Got it!!!

The package qubes-template-minimal-stub prevents the install of tinyproxy.

In order to do that, you have to install with the full package name:

sudo dnf install tinyproxy.x86_64

I don't know if you have to do something else but it worked for me!!!

Dominique!
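
Added example, not written by any poster in this thread: a POSIX shell check that reads a ruleset in iptables-save format and reports which of the two tcp/8082 rules quoted above are missing. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a ruleset in iptables-save format (on stdin) for the
# two tcp/8082 rules the thread found missing on the minimal-template NetVM.
# On a real NetVM (assumed usage): sudo iptables-save | missing_proxy_rules

# Prints one line per missing rule; exit status = number of rules missing.
missing_proxy_rules() {
    rules=$(cat)
    missing=0
    # nat table: traffic arriving on vif+ for port 8082 is redirected locally
    if ! printf '%s\n' "$rules" | grep -Eq -e \
        '^-A PR-QBS-SERVICES .*-i vif\+ .*--dport 8082 .*-j REDIRECT'; then
        echo "missing: PR-QBS-SERVICES REDIRECT for tcp/8082"
        missing=$((missing + 1))
    fi
    # filter table: tinyproxy must accept connections arriving on vif+
    if ! printf '%s\n' "$rules" | grep -Eq -e \
        '^-A INPUT .*-i vif\+ .*--dport 8082 .*-j ACCEPT'; then
        echo "missing: INPUT ACCEPT for tcp/8082"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample: ruleset containing both rules quoted in the thread.
sample_full() {
    cat <<'EOF'
*nat
-A PREROUTING -j PR-QBS-SERVICES
-A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT
COMMIT
*filter
-A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same ruleset with both 8082 rules absent.
sample_minimal() { sample_full | grep -v -e '--dport 8082'; }

echo "full template ruleset:";    sample_full    | missing_proxy_rules || true
echo "minimal template ruleset:"; sample_minimal | missing_proxy_rules || true
```
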
