Hi @mmmm,
you need to forward LocalSend’s application port 53317 to your target qube. I am using below script named localsend_forward.sh from within sys-net:
#!/bin/sh
if_lan=<your LAN network interface> # see ip -a
ip=$(ip -f inet addr show $if_lan | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
port=53317
case $1 in
start)
qvm-connect-tcp ::$port
iptables -w -I INPUT 5 -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
;;
stop)
pkill -f "socat TCP-LISTEN:$port"
iptables -w -D INPUT -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
;;
*)
>&2 echo "usage: $0 start|stop"
exit 1
;;
esac
Execute this script on startup of sys-net, e.g. /usr/local/bin/localsend_forward.sh start. Then, add a policy for the target qube:
qubes.ConnectTCP +53317 sys-net @default allow target=<your-localsend-qube>
Btw: Has anyone figured out, how performance of LocalSend can be optimized when running in Qubes? It goes heavy on CPU for a minute or so after startup in the “Receive” tab. My guess would be unneeded networking polling requests due to special Qubes environment. Or is it similar in non-Qubes systems?