-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
putnam:
> I wonder if anyone can help me to create a reverse shell on
> one AppVM (which is connected to sys-firwall) from an external
> ip address.
>
> First, I'm using a VPN and netcat to test the connection like
> this:
>
> Qubes Debian-9 AppVM:
>
> `nc -nlvp 443`
>
> On remote machine:
>
> `nc -nv 10.11.0.100 443` # 10.11.0.100 is my ip on tap0.
>
> I've tried:
>
> - Using `sys-net` as NetVM.
>
> - Using `sys-net` as NetVM and flushing iptables in both
> sys-net and Debian-9 AppVM.
>
> - In qubes-manager firewall: "Allow network access except...",
> "Allow ICMP traffic", and "Allow DNS queries" all checked. No
> exceptions listed.
>
> I just can't seem to get this reverse shell to work no matter
> what combination of the above I do. I've tried both with
> `netcat` and with `ncat` explicitly allowing the remote
> machine.
>
Well I figured it out by looking here:
https://www.qubes-os.org/doc/firewall/
In AppVM run:
`sudo iptables -I INPUT -s <IP Address of remote machine> -j
ACCEPT`
Now netcat can connect from remote machine to listening port on
AppVM.
- --
putnam | 0xE910A14357F33056
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYTf3/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyOEFEMjgzMUIyQjU4MzdFN0I5Q0NGMzdF
OTEwQTE0MzU3RjMzMDU2AAoJEOkQoUNX8zBW7wQP/i3f0CTN4LGdGgUrQZjEj3h6
A67hSa/FK7RPi0iO9fVgOtOi0fTbTi+gyKf3MG67dLmBw0BNo+HiqUj0yKgLxFyX
Rdb04t8Dabq7xMWYg/DwN5huR02gyy7pKA/mnPoerpZr+bQRQ45z2omud/FAt9xN
DWnJH/9M9mjMitudc3SQX0vLuT9TucXJfA3Dzm5sdarBnbhKCclqHVOKQynw0eHl
6Fhl2+7t42FkxGuRtFcYcgi9fGXVE17MUzDh3PCjMVRi1HXxAyx4ukZOHmqzvzN0
tDWExDL9XBXvxhacciNacFZUHATC8DhtDYuYqrOtn7CPYyy4B51HxFkjj77kupVq
4ohe9y4EDUaNszEXzcxQOWvhBiz9ZlQM5V0/8+CQu9+BiS0vKwBDjL0z1W8NXog7
v7FSQOat6pXV+qxJGY0/jdtByxpgxQshm4rXac81HGV7vKp9PI8DoeQ6y/PS/iV7
o01cBEdbQvkNteqRu1oc98MYxwWPX6b6BdQ0k0w6K/qv7lEnl4VXhuVGu+gjnqBd
VIYuq2oHM0FA1z6q5WeRR+xUeqOyjIl/xk+6slLu0Uxf12oENAldw/5PS7hsY1u4
0GpJMcmG5SEnHxye7xJyOZTMOp+YGZLrFD1qt4xUpwOsw6RZY6dFW3r4qxfwICWf
QzUdEARpKAkEAnp+i6/2
=hQQS
-----END PGP SIGNATURE-----