Hi, I’m facing this problem: I can’t ping my sys-net. Wireshark inside sys-net sees these ICMP requests, but sys-net itself doesn’t respond to them, so I can’t open a server on sys-net and transfer information.
At the same time, there is an internet connection and sys-net itself works completely normally.
But any attempt to ping my sys-net does not give any results.
I also found out that if I push any Wi-Fi receiver to another app-vm via USB and connect to the same network, the same problem occurs: the Wi-Fi receiver sees the ICMP requests but does not respond to them, although the addresses in Wireshark are correct at OSI layers 2 and 3.
Hi,
ICMP is blocked by the firewall.
But it’s sys-net, there are no firewall rules on it, am I right?
And how can I disable this firewall or reconfigure it?
To check the rules in the qube:
sudo nft list ruleset
To allow incoming IPv4 ICMP:
sudo nft add rule ip qubes custom-input meta l4proto icmp accept
To make it persistent, add it to /rw/config/rc.local.
Also check this guide:
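An added example, not part of the thread or of Qubes' own scripts: a fragment for /rw/config/rc.local that adds the ICMP rule from the reply above only when the chain does not already contain it, so repeated runs do not stack duplicates. It assumes the `ip qubes` table and `custom-input` chain named in that reply; the function names and the `--apply` argument are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent form of the thread's rule for /rw/config/rc.local.
# Assumption: the "ip qubes" table and "custom-input" chain from the thread exist.

# Rule body exactly as posted in the thread. It accepts every ICMP type on every
# interface; "icmp type echo-request accept" would be a narrower match for ping only.
ICMP_RULE='meta l4proto icmp accept'

# rule_present: read a chain listing on stdin, succeed if it contains the rule.
rule_present() {
    grep -qF -- "$ICMP_RULE"
}

# ensure_icmp_rule: add the rule only when the chain does not already hold it.
# rc.local runs as root, so no sudo is used here.
ensure_icmp_rule() {
    if nft list chain ip qubes custom-input | rule_present; then
        return 0
    fi
    # Unquoted on purpose: nft expects the rule as separate words.
    # shellcheck disable=SC2086
    nft add rule ip qubes custom-input $ICMP_RULE
}

# Hypothetical switch: the firewall is only touched when --apply is passed.
case "${1:-}" in
    --apply) ensure_icmp_rule ;;
esac
```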
No.
sys-net is protected by the standard “internal” nft rules.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.