How to configure firewall in QubesOS to run KDE Connect?

User Support
1

Hi,

I started running KDE Connect in HVMs (WIN11 and DEBIAN11) on QubesOS R4.1 - and it is awesome because I can transfer files very easily between all my devices (iphone, pixel, mac, and those HVMs). I do not get my firewall settings running in a way to connect KDE Connect properly through my firewallVM and netVM - I need port forwarding from netvm to HVM on ports 1714:1764 udp/tcp - and that is a lot of tweaking. So I attached a WIFI usb to my HVMs and opened up a hotspot (very simple). Then I connect the device I want to share files with to this hotspot - works like a charm! I could even copy those files from my WIN11 HVM to other appVMs :wink:

Now I want to integrate it to make it available for general use in QubesOS - to my concern it would be ok to run KDE Connect even in my netVM (it is disposable). I would open KDE Connect transfere files to or from a given device in my home network to or from netVM and would be able to move those to or from a desired appVM.

Has anyone been able to set this up a appVM in qubesOS? If so would you please share how you set it up?

Best regards

2

interesting for me too,

3

So I just figured it out myself. It was actually pretty simple:

  • Creat appVM (HVM) based on debian11 template containing the install of KDE connect (NO network connection needed!!!).
  • Pass wifi device through to appVM.
  • Enabled network-manager in services.
  • Start appVM and configured hotspot that starts automatically.
  • Configure the firewall in appVM as follows (Firewall | Qubes OS):
[user@B ~]$ sudo bash
[root@B user]# echo "iptables -I INPUT -s <ip of device that is connected to the hotspot> -j ACCEPT" >> /rw/config/rc.local
[root@B user]# chmod +x /rw/config/rc.local
  • Restart appVM.
  • Connect device and start using KDE Connect.

Works super smooth for me - nice integration for all my devices (MacOS, iOS, Android, WIN10/11)!!!

P.s.: If you want to connect a device just temporarily use the following cli command in appVM:

sudo iptables -I INPUT -s <ip of device that is connected to the hotspot> -j ACCEPT