How do i configurate my firewall
60 views
Skip to first unread message
Hans Fischer
Jan 20, 2016, 2:54:38 PM1/20/16
to qubes...@googlegroups.com
Hallo Qubes-Team,
I created a proxy VM to login into a openVPN network. Than I looked for
Firewall/iptables rules to prevent the proxy VM from leaking my realy
IP. I found this: https://github.com/adrelanos/vpn-firewall. I installed
it all correctly and it worked for the proxy VM.
When I start the script all internet is gone except the possibility to
connect to my vpn provider. When the vpn connection is established, all
internet applications work again. No problem, all fine.
But I lost the default qubes iptable/nat rules so my other vm, using the
connection from the proxyVM cant connect to the internet. I have both
scipts here. First, my VPN-Firewall script. Second, the default qubes
rules saved with iptables-backup.
Could you guys tell me, how I have to change the vpn-firewall script in
order to use the proxyVM again as proxy and prevent it from leaking my
real ip when the vpn connection drops?
Thank you all for your help, I attach the both scripts to this email.
Kind regards
Hans
I created a proxy VM to login into a openVPN network. Than I looked for
Firewall/iptables rules to prevent the proxy VM from leaking my realy
IP. I found this: https://github.com/adrelanos/vpn-firewall. I installed
it all correctly and it worked for the proxy VM.
When I start the script all internet is gone except the possibility to
connect to my vpn provider. When the vpn connection is established, all
internet applications work again. No problem, all fine.
But I lost the default qubes iptable/nat rules so my other vm, using the
connection from the proxyVM cant connect to the internet. I have both
scipts here. First, my VPN-Firewall script. Second, the default qubes
rules saved with iptables-backup.
Could you guys tell me, how I have to change the vpn-firewall script in
order to use the proxyVM again as proxy and prevent it from leaking my
real ip when the vpn connection drops?
Thank you all for your help, I attach the both scripts to this email.
Kind regards
Hans
bur...@gmail.com
Jan 27, 2016, 5:56:05 AM1/27/16
to qubes-devel, kon...@hans-fischer.com
The solution is easy when running openvpn in its own vm: Just block all /forwarding/ to the upstream interface and run the built-in qubes dns script:
https://groups.google.com/d/msg/qubes-users/TECXJ0lu73c/p-6TbSDJBAAJ
Shouldn't this be in qubes-users? :p
Reply all
Reply to author
Forward
0 new messages