- <html>
- <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>Re: GSoC Port Forwarding</title>
- <link rel="important stylesheet" href="">
- <style>div.headerdisplayname {font-weight:bold;}
- </style></head>
- <body>
- <table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Subject: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">From: </div>Giulio <giulio@gmx.com></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Date: </div>14/07/2021, 18:27</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">To: </div>Frédéric Pierret <frederic.pierret@qubes-os.org>, Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com></td></tr></table><br>
- <div class="moz-text-flowed" style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode">Hi,
- <br>
- <br>On 14/07/2021 17:40, Frédéric Pierret wrote:
- <br><blockquote type=cite style="color: #007cff;">Giulio,
- <br>
- <br>Generally looks good. Do you have already some testing and working case?
- If yes, can you please provide few steps here (that would be also good
- for doc later).
- <br>
- <br></blockquote>
- <br>I've tested again the code that I added during the refactoring and made
a couple of changes to make it work. I have not written any test yet,
- however at this stage you can test manually with the following commands
- in dom0:
- <br>
- <br>- # qvm-firewall <domain> add action=forward forwardtype=internal
- srcports=443-443 dstports=8443-8443 proto=tcp
- <br>
- <br>This command should add an internal forwarding rule. In practice, as of
- now, the rule should be visible with the correct attributes running
- "qvm-firewall <domain>". Furthermore, the added rule should be present
- in the <i class="moz-txt-slash"><span class="moz-txt-tag">/</span>var/lib/qubes/appvms<span class="moz-txt-tag">/</span></i><domain>/firewall.xml file too and be
- correctly represented. Lastly, in the untrusted_qdb of <domain>'s netvm
- there should be an entry containing the added rule in the forwarding
- base dir.
- <br>
- <br>- # qvm-firewall <domain> add action=forward forwardtype=external
- srcports=80-80 dstports=8080-8080 proto=tcp
- <br>
- <br>This command should produce almost the exact outcome as the first one.
- However, in this case, a specific forward rule containing the ip address
- of the next hop should be present in the untrusted_qdb of each vm in the
- network path until the last vm where netvm is None (and thus is expected
- to have some kind of different interface such as eth).
- <br>
- <br>Clearly, the port forwarding itself cannot be tested until the proper
- handling of the relevant rules is added to the core-agent-linux. I am
- now working on that and I expect to have something to test more in depth
- in about a week.
- <br>
- <br>Cheers
- <br>Giulio
- <br></div></body>
- </html>
- </table></div>