Hi - I have a start9 bitcoin node on my network. It is accessible from my linux computers via redacted.local. However, I can’t browse or ping that address in any of qubes. Is there something I have to configure in qubes to reach it?
thanks in advance
Try to ping it from sys-net.
Are you sure the sys-net in the same local network as your bitcoin node?
What’s your network configuration? How your Qubes OS PC and bitcoin node are connected to the network?
HI thanks for your assistance.
I cannot ping from sys-net: “Name or service not known”
Both my bitcoin node and my PC are connected via ethernet to my router.
fwiw - when I boot my PC into a linux live environment via USB drive, I can reach/ping my .local device…so that this tells me I need to configure something on qubes?
Try to ping the IP address directly instead of local domain “redacted.local”.
Check the DNS server that is configured in sys-net and see if it’s the one that knows how to resolve redacted.local.
thanks again for your suggestion. Pinging the IP works. The problem is Start9’s services, like bitcoin core and electrum server, are accessible via additional addresses: long_string.local that dont have direct IPs. I think it has to do with docker or something.
How do I check the DNS server in sys-net as you suggest?
Right click on Network Manager applet in tray → Connection information.
Or maybe in sys-net terminal:
cat /etc/resolv.conf
ah ok yeah, both methods yield 192.168.1.1 as my DNS server
But if I understand mDNS correctly the DNS server isn’t involved, its something to do with avahi?
Actually I think this post covers a possible solution.
But damn…
" you will have to enable the firewall on your qube to
accept incoming avahi traffic (usually UDP 5353) and route traffic
to that qube from sys-net. (Covered in Firewall | Qubes OS )"
…Is easier said than done. I tried reading the Firewall doc and then drowned. Anyone have any luck doing this?
Yes, it looks related, but I’m not familiar with how mDNS works so I can’t help you with that.
1 Like
thanks
You need to route port UDP 5353 from sys-net to sys-firewall and from sys-firewall to your qube
The firewall of each qube shouldn’t block port udp 5353 either.
I wrote a script to ease the redirection work Solene'% : Script NAT on Qubes OS
very cool!
Here’s the output from your script:
qube is running
Qube Bitcoin has sys-firewall for netvm
sys-firewall → Bitcoin: [OK]
Qube sys-firewall has sys-net for netvm
sys-net → sys-firewall: [OK]
Qube sys-net has - for netvm
Error: Could not process rule: No such file or directory
add rule qubes custom-input udp dport 5353 accept
Do I have something messed up on my system?
this is weird, do you run Qubes OS 4.2?
What failed here exactly is to open the port on the qube you want to use, you could try manually with nft add rule qubes custom-input udp dport 5353 accept from the qube itself.
yes 4.2.
I ran that in my Bitcoin qube and similar error:
Error: Could not process rule: No such file or directory
add rule qubes custom-input udp dport 5353
^^^^^^^^^^^^
zsh: exit 1 sudo nft add rule qubes custom-input udp dport 5353
Then I changed my Bitcoin template from whonix-workstation-17 to debian-12-xfce and now your script runs without errors. My mistake I should have realized it wouldn’t work with whonix.
But after running your script I still cant resolve .local addresses from my bitcoin cube, nor my sys-net cube. Do I need to turn something on in sys-net?
I need to check this more in details, now I realize it’s more complicated than I expected.
avahi must be running and listening on port 5353, but the qube also need to broadcast packets on the local network (and not on its qubes os local network) to ping for devices that will answer for their .local addresses