Re: GSoC Port Forwarding
Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
22/08/2021, 00:30
Frédéric Pierret <frederic.pierret@qubes-os.org>

On Sat, Aug 21, 2021 at 12:08:55AM +0200, Giulio wrote:
> Hi,
> as an addendum to the previous email, the problema was the fact that the
> first rule to match in the qubes-firewall table, forward chain was:
> iifname !="*vif" accept
> By moving that to the end of the chain, the attached one is the new
> trace which makes a lot more sense and increase the counters.
> However, I still cannot see any traffic reaching the next hop.

Check if that isn't iptables blocking it. By default it does block new
connections coming from outside. I initially thought it would interfere
only at the final hop, but maybe at an earlier too...

-- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab