How to have LAN access but not internet access?
259 views
Skip to first unread message
gal...@gmail.com
May 26, 2016, 8:50:09 AM5/26/16
to qubes-users
Hello.
I've been using qubes for a few days now and am getting used to the way things work. I want to make a VM that can access other computers in my house but not the internet and I'd like to know how to do this.
My router assigns IP addresses in the range 192.168.0.xxx to all my computers.
Qubes assigns IP addresses in the range 10.137.xx.xx to my VMs.
My home network has a couple of servers that share files, these servers run ubuntu and and I can mount the shares from a quebes VM as long as I use the IP address of the server. How do I stop the VM seeing and being seen by the internet?
Thanks for reading.
Unman
May 26, 2016, 12:00:12 PM5/26/16
to gal...@gmail.com, qubes-users
Read the docs on the qubes firewall. To restrict traffic to the local
network open the firewall tool from Manager, and then set:
Deny network access.
Add rule allowing traffic to 192.168.0.xxx. (You can either allow all
traffic or restrict to the ports that you use on the local network.)
unman
Andrew David Wong
May 26, 2016, 11:41:45 PM5/26/16
to Unman, gal...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
unman is right. Also, if you want to enable access to the entire CIDR
block, then deny all access except "192.168.0.0/16". This should be
equivalent to deny all access except to the range
192.168.0.0-192.168.255.255.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXR8HaAAoJENtN07w5UDAw3UgP/RiV17Zaz4gqDGZndxtCaip8
x+LihAvxemArKFMFjjgcggxbKLP2+kjZqkDCUKoPLg0jin3wnXUy3ntfze4O0JCE
d6woT1kZCggRuhjYxoYxLXhKPA5umoUkCV4oc+oOUkMcOWOFpG55A6dj08FtvmX1
WhMVRRP+FHQMLxJPNd60evFho6OXmXDTIdhdrNwSKXP4XSapIj0OB3odQeFa7+P7
sv5BA3bYN/c9HkrETASuw3capgRDFcRsQK01npKC2N8yEdajs8LWPZ3IAy6H12zK
OXNktQJvtSu8wHfgzUGhn7MqrNWk9Y872nYRMtrUiRlgPLc6xc1ZpKQdItmkzTEj
uiSTehRz8khvFOVdxCt6nxpq8zbucnjNs6OUgKkWOSYwh3hrffu1NAUIW6GojDrl
GFgdbnNu+fTCU3qgtZc+rlKy+hjiGxWXkVKVJF0+PFHoAhUd2aWTHZwbfmGRVbd6
BeQVHTW80+uZyxIjg7V+bdlsN2TKI2kxCCozE/csa/6PhegRLTokZrmzSHeo8Zdy
8vj5fH01Gj8WRXmAqECAlkuE/PBbUTOd6OaXl8EsdaSGob76PV/6kPHqJzQF/ny6
Y/6D8ak/9JjR9KKFfAh8TEggtrIJ7S3oBnWYFv8v3hSo6cnGmo0hjz0HtlpWhmjN
jvAFV7aDu95FO1dNqZst
=phFS
-----END PGP SIGNATURE-----
Hash: SHA512
block, then deny all access except "192.168.0.0/16". This should be
equivalent to deny all access except to the range
192.168.0.0-192.168.255.255.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXR8HaAAoJENtN07w5UDAw3UgP/RiV17Zaz4gqDGZndxtCaip8
x+LihAvxemArKFMFjjgcggxbKLP2+kjZqkDCUKoPLg0jin3wnXUy3ntfze4O0JCE
d6woT1kZCggRuhjYxoYxLXhKPA5umoUkCV4oc+oOUkMcOWOFpG55A6dj08FtvmX1
WhMVRRP+FHQMLxJPNd60evFho6OXmXDTIdhdrNwSKXP4XSapIj0OB3odQeFa7+P7
sv5BA3bYN/c9HkrETASuw3capgRDFcRsQK01npKC2N8yEdajs8LWPZ3IAy6H12zK
OXNktQJvtSu8wHfgzUGhn7MqrNWk9Y872nYRMtrUiRlgPLc6xc1ZpKQdItmkzTEj
uiSTehRz8khvFOVdxCt6nxpq8zbucnjNs6OUgKkWOSYwh3hrffu1NAUIW6GojDrl
GFgdbnNu+fTCU3qgtZc+rlKy+hjiGxWXkVKVJF0+PFHoAhUd2aWTHZwbfmGRVbd6
BeQVHTW80+uZyxIjg7V+bdlsN2TKI2kxCCozE/csa/6PhegRLTokZrmzSHeo8Zdy
8vj5fH01Gj8WRXmAqECAlkuE/PBbUTOd6OaXl8EsdaSGob76PV/6kPHqJzQF/ny6
Y/6D8ak/9JjR9KKFfAh8TEggtrIJ7S3oBnWYFv8v3hSo6cnGmo0hjz0HtlpWhmjN
jvAFV7aDu95FO1dNqZst
=phFS
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages