I am trying to create a local network in Qubes, so a few qubes can use a central git repo.
For this purpose I created a server and a client qube, with the server being the NetVM of the client. Pinging works fine, but as in this post
I was not able to wget/open a test website I set up on the server due to “no route”. Opening all the ports as described there didn’t help either, but no restart of dom0 was tried.
Is a virtual local network possible within Qubes in a secure way or is it just not designed to do it due to security implications?
Also using rpc seems to only work one way, so that would not work for git if I don’t misunderstand it.
Don’t restart dom0 - it’s almost never needed.
In the case you have outlined, you simply need one rule on the server:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Where the server has IP address 10.137.0.X, and you have bound the webserver to that address (important), then on the client, http://10.137.0.X is sufficient.
I don’t know what you mean about rpc being one way - qubes-rpc processes (can) run both ways, and split-git, like split-gpg and split-ssh, is simple.
As always, the documentation is helpful: take a look at
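
The rule and the bind check from the answer above, as an added example that is not part of the thread. It goes one step further than the posted rule by limiting the source to a single client qube; the addresses, the function names and the sample `ss` lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses and the sample `ss`
# lines are constructed placeholders.

# Accept only dotted-quad IPv4, so a typo such as 10:137.0.6 is rejected.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Rule arguments: TCP from one client qube to one port on the server address.
rule_args() {    # usage: rule_args CLIENT_IP SERVER_IP PORT
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s' "INPUT -s $1 -d $2 -p tcp --dport $3 -j ACCEPT"
}

# Print the command by default; with APPLY=1 (as root) insert the rule,
# but only if `iptables -C` reports that it is not already present.
ensure_rule() {
    args=$(rule_args "$@") || { echo "bad address or port" >&2; return 1; }
    if [ "${APPLY:-0}" != 1 ]; then echo "iptables -I $args"; return 0; fi
    # Word splitting of $args is intended here.
    iptables -C $args 2>/dev/null || iptables -I $args
}

# Read `ss -Hltn` output on stdin; succeed only if a listener is bound to
# exactly ADDR:PORT (a wildcard 0.0.0.0:PORT listener does not count).
bound_to() {     # usage: ss -Hltn | bound_to ADDR PORT
    awk -v want="$1:$2" '$4 == want { found = 1 } END { exit !found }'
}

# Dry run on constructed data: server 10.137.0.5, client 10.137.0.6.
SAMPLE='LISTEN 0 511 10.137.0.5:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
printf '%s\n' "$SAMPLE" | bound_to 10.137.0.5 80 && echo "bound to 10.137.0.5:80"
ensure_rule 10.137.0.6 10.137.0.5 80
```

On the server qube, run `ss -Hltn | bound_to <server IP> 80` against the live listener table before applying the rule with `APPLY=1`.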