qubes-mirage-firewall chaining
47 views
Skip to first unread message
qmirfw
Apr 8, 2019, 6:20:13 PM4/8/19
to qubes-users
Hello,
I got the qubes-mirage-firewall working in a simple
sys-net --> sys-mirage-fw --> disp1234
situation, but when I wanted to include it in my normal chain, as in
sys-net --> sys-mirage-fw --> sys-firewall --> AppVMs
my AppVMs can't access the network.
Is this supposed to work?
In Xen console of the mirage firewall I can see the linux firewall connecting, but then lines like this:
WRN [client_net] Incorrect source IP 10.137.0.45 in IP packet from 10.137.0.12 (dropping)
Thanks
I got the qubes-mirage-firewall working in a simple
sys-net --> sys-mirage-fw --> disp1234
situation, but when I wanted to include it in my normal chain, as in
sys-net --> sys-mirage-fw --> sys-firewall --> AppVMs
my AppVMs can't access the network.
Is this supposed to work?
In Xen console of the mirage firewall I can see the linux firewall connecting, but then lines like this:
WRN [client_net] Incorrect source IP 10.137.0.45 in IP packet from 10.137.0.12 (dropping)
Thanks
Thomas Leonard
Apr 9, 2019, 4:59:19 AM4/9/19
to qubes-users
What is the IP address of sys-firewall and the AppVM? It sounds like mirage-firewall got a packet from sys-firewall with source address 10.137.0.45, but it thinks that sys-firewall should have the IP address 10.137.0.12 (and be doing NAT on behalf of its clients).
Reply all
Reply to author
Forward
0 new messages