I want to do things like cast from Chrome to my chromecast and connect to servers on my LAN. How can I do this? I just want to set up one insecure domU for things like this.
The qube, that has your ethernet adapter connected (usually
sys-net), can access everything on its network like a normal GNU/Linux would be able to. Start from there.
You’ll need to apply firewall rules to forward chromecast between sys-net, qubes between your sys-net and your qube where you want to use chromecast (qube-chromecast).
It’s as if qube-chromecast is behind multiple routers with NAT and you need to configure them accordingly.
Running Chrome and chromecast is removing any “privacy” feature of using Qubes anyways.
Chromecast is relentlessly tracking you (and your neighbor’s) WiFi, apps, stream preferences etc.
But, I guess it is doable, if you open enough ports and protocols:
One of Chromecast’s components, the DIAL Service Discovery protocol, uses Simple Service Discovery Protocol (SSDP) version 1.1, which is defined by UPnP (Universal Plug and Play), to allow a DIAL client device to locate a DIAL server device running on the same network. The other component, the DIAL REST (representational state transfer) Service, is then accessed to query, launch or stop applications using HTTP (hypertext transfer protocol) requests from the client device to the server device. In the case of Chromecast, your phone, tablet or computer is the client and the Chromecast itself is the server.
I am not 100% sure how chromecast works, but i have the firm technical understanding that this statement is factually wrong.
In the worst case it removes any expectation of privacy from the used qube, not every qube on the system.
It is technically impossible for any app on a qube to scan your or any other nearby wifi if said qube does not hold a physical wifi adapter. With QubesOS it is not able to infere any information on running Apps or other streams from other qubes.
However, It may attempt to scan the LAN. You can restrict it from doing so with firewall rules of your upstream netvm. Restrict it only to your streaming target like your TV.
Even tho this i not the topic at hand, i want to give a quick answer to the title of the post: How do i see all devices on my LAN?
You can use
nmap to enumerate devices in a LAN.
sudo apt install nmap -y # or sudo dnf install nmap -y
Usage for a quick list of online devices:
nmap -sP <target>
For a typical residential wifi/LAN this should work:
nmap -sP 192.168.1.0/24
You may need to adapt the address from 192.168.1. to 192.168.178. or whatever you LAN range looks like. You find this information in your sys-net with
What I meant is that it puts you right there on the map, i.e. Google will know your present location.
Hold on, I was referring to the “apps” used on Chromecast, like Spotify, YouTube.
Well, I had a feeling that I should’ve said nothing, because my post could be misconstrued easily. And the info about the Chromecast protocols and ports is nothing more than “let me Google this for you”.
Thanks for your clarification.
I agree with you, that the privacy situation is pretty bad when using google services. However QubesOS gives you the tools needed to minimize exposure. Sorry for misinterpreting your post.