Internal and IP in Qube Manager

Hello,

I can’t find it in the documentation.
What is “Internal” in Qubes Manager?
And how can I disable local IP? I don’t want local access to my machine.

Thank you very much

“Internal” is a flag that can be set through qvm-features.
Once set, it should mean that qubes with this set do not appear in the
Qubes menu, and can be hidden in the Qube Manager.
Currently, this is completely broken, but the flag can still be set and
can be useful.

I’m not sure what you mean by this.
If you mean that you don’t want other machines on your network to be
able to access Qubes, then it is sys-net that is on the local network
and by default other machines on the network cannot open inbound traffic
to sys-net.
If you don’t want this, disable or remove sys-net.

If you mean that you don’t want qubes to have a local IP because you don’t
want them to be accessible from the local network, this is the
situation by default.
You have to take specific steps to open up a qube to external traffic.

If you mean that you don’t want qubes to have a local IP because you don’t
want them to be accessible from other qubes, this is the situation by
default.
You have to take specific steps to open up a qube to traffic from other
qubes.

If you mean that you don’t want qubes to have a local IP at all, then
remove the netvm setting. Without netvm set, qubes have no eth0. This is
the case for the vault qube, for example.

If you meant something else, or you want more detail, ask.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

Really, thank you for the wide reply. I understand.

But in the case where I want to have a local (internal) IP to have a connection between qubes, but don’t want access to the internet, should I then prepare a separate qube, for example sys-net-local, and somehow remove the gateway to the internet?

Why do I need that? For example, a NAS server, a gpg-server for keys, and so on.

No need, there are tools available. What kind of connection do you need?

You can see an example here which works by opening TCP ports: Guide: split-Protonmail (offline send/receive qubes + pm bridge vm)

Good topic. I will take a closer look and prepare a similar solution, but my case is a little bit different.
In the provided link, the author of the post needs internet to grab emails over the proxy.

In my case I want to set up, for example, a local service listening on 10.137.0.22:8080 and not have internet access there. Only the local subnet.

And on qube2 I want to be able to connect to this local IP, for example:
telnet 10.137.0.22 8080

So two qubes should be in the same local subnet. Qube1 (without internet access), Qube2 (with internet access). But both in the same local subnet.

Instead of all that, why not leave Qube1 without a netvm and then set up a qrexec policy that allows data transfer between the two qubes?

If you could be more specific with your needs, there may already be a solution available.

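One way to set up what the reply above suggests, as an added example that is not part of the original thread: a qrexec rule that lets only qube2 reach TCP port 8080 in a qube1 that has no netvm. It assumes Qubes OS 4.1 or later (policy files under /etc/qubes/policy.d) with the stock qubes.ConnectTCP service and qvm-connect-tcp tool; the function names and the name check are hypothetical, and the qube names and port are the ones used in the thread.

```shell
# Added example (not from the thread). Assumes Qubes OS 4.1+ policy format.
# POLICY_FILE can be overridden, e.g. to try the functions outside dom0.
POLICY_FILE="${POLICY_FILE:-/etc/qubes/policy.d/30-user.policy}"

# Print one allow rule: only <client> may open <port> in <server>.
policy_line() {
    client=$1 server=$2 port=$3
    # Conservative name check: plain qube names only, so tokens such as
    # @anyvm or * cannot slip in and widen the rule.
    for name in "$client" "$server"; do
        case $name in
            ''|[!A-Za-z]*|*[!A-Za-z0-9_-]*)
                echo "bad qube name: $name" >&2; return 1 ;;
        esac
    done
    # Port must be 1..65535, digits only, no leading zero.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    printf 'qubes.ConnectTCP +%s %s %s allow\n' "$port" "$client" "$server"
}

# Run in dom0 as root: append the rule once (idempotent).
install_policy() {
    line=$(policy_line "$@") || return 1
    grep -qxF -- "$line" "$POLICY_FILE" 2>/dev/null ||
        printf '%s\n' "$line" >> "$POLICY_FILE"
}

# Run in the client qube: bind localhost:<port> there and forward it over
# qrexec to <port> in <server>. The service in <server> has to listen on
# localhost, because qubes.ConnectTCP connects to localhost in the target.
connect_from_client() {
    server=$1 port=$2
    qvm-connect-tcp "${port}:${server}:${port}"
}

# Usage with the thread's names:
#   dom0:   install_policy qube2 qube1 8080
#   qube2:  connect_from_client qube1 8080   # then: telnet localhost 8080
```

qube1 keeps no netvm and therefore no eth0; every other qube is still refused by the default policy.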

Thank you so much! I will take a look at the documentation. Looks promising.