I am following the instructions to make named disposables for the sys-* appvms (on v4.0 kept up-to-date). sys-net works (though it of course doesn’t remember WIFI config across boots), sys-usb works, and my customized sys-vpn works (with a hack or 2). I’m using the disposable sys-vp2 and sys-net2 to write this report.
However, sys-firewall doesn’t work: it pings external sites just fine, however any VM connected to it can’t access anything, not even the new sys-firewall2. It even works as an update VM, just not as a firewall VM. I’ve looked at all of the configurations, and can’t see what is different (other than expected things like IP and xid). I’ve blown it away and recreated it following the instructions (Disposable customization | Qubes OS) several times with no change. I can have both the original sys-firewall and the disposable running at the same time, and switch a VM between using the 2: it works with the original one, and not for the disposable one: can’t get DNS, can’t ping numbered IPs (like 188.8.131.52). Both are configured to “provides-network”, etc.
```
$ sdiff -w 79 -W -s -d <(qvm-prefs sys-firewall) <(qvm-prefs sys-firewall2)
autostart - True                    | auto_cleanup D False
backup_timestamp - 1625613892       | autostart D False
                                    > backup_timestamp U
default_dispvm D fedora-dvm         | default_dispvm D fedora-small-d
gateway D 10.137.0.6                | dispid - 6826
                                    > gateway D 10.138.26.170
ip D 10.137.0.6                     | ip D 10.138.26.170
klass D AppVM                       | klass D DispVM
name - sys-firewall                 | name - sys-firewall2
qid - 6                             | qid - 22
start_time D 1627011956.8           | start_time D
template - fedora-33-sm             | template - fedora-small-d
template_for_dispvms D False        <
uuid - d9a49533-2cb                 | uuid - e4d12277-f614-
visible_ip D 10.137.0.6             | visible_ip D 10.138.26.170
xid D 19                            | xid D -1
```
Any ideas what to check out?
I did check that /proc/sys/net/ipv4/ip_forward was “1”.
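The comparison described in the post (two `qvm-prefs` listings, ignoring expected differences such as IP and xid) can be scripted so that only the remaining properties are left to review. This is an added example, not part of the original post or of the Qubes tools; the function names and the `PER_INSTANCE` ignore list are assumptions, and the sample rows are a subset of the output quoted above.

```python
# Line format assumed from the output quoted in the post: "<property> <flag> [value]".
# Assumption: properties that always differ between two qubes (identity, addressing, runtime).
PER_INSTANCE = {"name", "qid", "uuid", "xid", "dispid", "ip", "visible_ip",
                "gateway", "start_time", "backup_timestamp"}

def parse_prefs(text):
    """Return {property: (flag, value)}; value is '' when the row has none."""
    prefs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2:  # skip blank or malformed rows
            prefs[parts[0]] = (parts[1], parts[2].strip() if len(parts) == 3 else "")
    return prefs

def diff_prefs(a_text, b_text, ignore=PER_INSTANCE):
    """Return sorted (property, a_entry, b_entry) for differences left after filtering.
    An entry is (flag, value), or None when the property is missing on that side."""
    a, b = parse_prefs(a_text), parse_prefs(b_text)
    keys = sorted((set(a) | set(b)) - set(ignore))
    return [(k, a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)]

# Sample rows copied from the post's sdiff output (subset; width-truncated values kept as shown).
SYS_FIREWALL = """\
autostart - True
default_dispvm D fedora-dvm
ip D 10.137.0.6
klass D AppVM
template - fedora-33-sm
template_for_dispvms D False
xid D 19
"""
SYS_FIREWALL2 = """\
auto_cleanup D False
autostart D False
default_dispvm D fedora-small-d
dispid - 6826
ip D 10.138.26.170
klass D DispVM
template - fedora-small-d
xid D -1
"""

if __name__ == "__main__":
    for prop, left, right in diff_prefs(SYS_FIREWALL, SYS_FIREWALL2):
        print(f"{prop:22} {left!s:28} {right}")
```

Comparing `(flag, value)` pairs rather than values alone also surfaces rows where one qube has a property explicitly set and the other only inherits a default.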