Connecting a usb nic and another laptop
Mark Eubanks
cez...@gmail.com
> I have created a NETVM and I have connect the usb nic to the vm and is working. It shows up in Connection manager and I can give it a static IP . So I've also connected a different physical laptop with a cross over cable to the usb nic going to the NETVM. Both nics are on the same network and I can ping from the NETVM to the physical but I don't get a reply from the NETVM. I can see both in both arp tables . Any ideas why the physical doesn't get a reply?
Sounds like its a firewall that blocks incoming connections which wasn't established first by an outgoing connection? Are there any firewalls between? It doesn't sound like you put a firewall between them, but on the other hand, the ping behaviour does on the contrary sound a lot like a firewall.
Also if moving a lot of files is your goal, perhaps you might want try www.Syncthing.net (free, open source). You will have to allow it through the firewall though, or alternatively do it on a separate connection like you're doing now.
Optionally if syncthing is running where internet is accessible, you can disable the global discovery in syncthing.
Mark Eubanks
> I have created a NETVM and I have connect the usb nic to the vm and is working. It shows up in Connection manager and I can give it a static IP . So I've also connected a different physical laptop with a cross over cable to the usb nic going to the NETVM. Both nics are on the same network and I can ping from the NETVM to the physical but I don't get a reply from the NETVM. I can see both in both arp tables . Any ideas why the physical doesn't get a reply?
I agree it sounds like a firewall but I see that it shows allow imcp traffic. What I'm trying to do is make Qubes a passthrough firewall.. so I need 2 nics on the laptop
Mark Eubanks
On Monday, September 4, 2017 at 8:15:29 AM UTC-4, Mark Eubanks wrote:
Mark Eubanks
cez...@gmail.com
Apologies for late reply, had a short leave for work.
I'm not the most knowledgeable on this topic, especially the Qubes firewalls. However I believe NetVM must have a default firewall too, to block unauthorized requests, otherwise it would be quite simple and too easy to attack the NetVM.
So it seems to me that the NetVM has a default firewall, (routor firewall behavior like), blocking unauthorized incoming signals.
To solve that (Assuming it is indeed the problem), I believe https://www.qubes-os.org/doc/firewall/ might be quite helpful, down in the port forwarding section. Here it seems you should be able to poke a hole for your connection in the NetVM.
You separated all this from your other networks right? As far as I know, it should be secure enough if this has no internet connection, while on a separate Qubes network.
Unman
run 'iptables -L -nv' on the netvm - look at the INPUT chain.
The incoming ping is dropped there.
In 3.2 each qubes has its own iptables rules in addition to those set upstream
by the firewall mechanism. You can customise these if you wish by
manipulation from /rw/config using rc.local and
qubes-firewall-user-script
unman
Mark Eubanks
thanks for trying