How to split into two gateways

[Matt Drez]

Hey guys,

I'm working on my 2nd qubes machine but this task I could never figure out on the first one to begin with.

Can someone please tell me if you were able to achieve the following?

- Have two NICs handling two separate sys-net

- Behind each sys-net their own firewall

- behind the firewalls their own set of VMs.

I was able to handle the firewall rules and everything else but I cannot make it work to have 2 sys-net each handling a NIC separately. Can someone please tell me step by step how you achieved that?

Thanks a bunch!!!!

Matt

[Jarrah]

> Can someone please tell me if you were able to achieve the following?
> - Have two NICs handling two separate sys-net
> - Behind each sys-net their own firewall
> - behind the firewalls their own set of VMs.

Yes, the machine I am on has this setup.

Both sys-net VMs have a dedicated NIC PCI passed through to them. They
each have a sys-firewall, which each has VMs on it.

I cloned the original sys-net, but if you follow the instructions for
creating a new one, it should work fine.

> I was able to handle the firewall rules and everything else but I cannot make it work to have 2 sys-net each handling a NIC separately. Can someone please tell me step by step how you achieved that?

Try just doing the passthrough first. If you can get the NICS to show up
in `lspci` in the two sys-nets and configure networking so you can ping
out.

Command to attach the NIC: `qvm-pci attach sys-net2 dom0:<PCI-address>`.
PCI-address can be found in the output of `qvm-pci`.

[Matt Drez]

> Try just doing the passthrough first. If you can get the NICS to show up
> in `lspci` in the two sys-nets and configure networking so you can ping
> out.
>

> Command to attach the NIC: `qvm-pci attach sys-net2 dom0:<PCI-address>`.
>

> PCI-address can be found in the output of `qvm-pci`.

Those are the exact steps I tried but no luck.


I have no problem passing the NIC to the gw and it shows up with lspci but it won't acquire an IP. The "funny" thing is that as soon as the sys-net starts the green light goes out on the the NIC. If I issue an `ip addr` command I cannot even see its MAC.


I even tried connecting the second NIC to a completely different network and router but made no difference.

[awokd]

'Matt Drez' via qubes-users:

Are you sure the second NIC works under Qubes, even by itself? Also, if
it's dual ports on a single card, try adding a separate physical NIC card.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

[Matt Drez]

> Are you sure the second NIC works under Qubes, even by itself? Also, if
> it's dual ports on a single card, try adding a separate physical NIC card.

Great thinking! That was one of the first things I have tried. And just to clarify the first NIC is integrated on the mobo and the second one is was added later into a pci slot. Both are single port NICs.

[awokd]

'Matt Drez' via qubes-users:

>> Are you sure the second NIC works under Qubes, even by itself? Also, if
>> it's dual ports on a single card, try adding a separate physical NIC card.
>
> Great thinking! That was one of the first things I have tried. And just to clarify the first NIC is integrated on the mobo and the second one is was added later into a pci slot. Both are single port NICs.
>

Might have missed it then, so the second NIC works by itself if you
assign it to the original netvm? If not, the drivers for it may not be
installed/loading correctly. Check sudo journalctl inside netvm for
messages relating to the NIC's init.