I can’t ping from my stock Debian-10 template or my Fedora-32 template so I am unable to install applications I need. But I can ping from my AppVM which is using the sys-firewall netVM.
All my TemplateVMs are showing “default (n/a)” for their netVM in Qubes Manager. Should I change this or is that normal?
If that’s normal, what else do I look at?
This is not necessary for installing applications.
Did you actually try? Any errors shown?
This is correct. See here:
Why don’t templates have network access?
In order to protect you from performing risky activites in templates, they do not have normal network access. Instead, templates use an updates proxy that allows you to install and update software without giving the template direct network access.
I previously have installed applications successfully in a templateVM, but now I am trying to do a flatpak install command and I get Error resolving “registry.fedoraproject.org”: Name or service not known
apt and dnf inside a template get network through the Qubes OS update proxy at port 8082 on localhost. The template itself is always intentionally offline.
So your flatpack installer cannot connect to the internet by default and should rather be installed in the actual qube instead of the template. See also this thread.
This might be of interest to you:
@TechExplorer When you set up Qubes, there was an option to select “update system over Tor network”. If you chose that, then just start sys-whonix before installing stuff on templates. They will connect through sys-whonix. If you didn’t opt for Tor connectivity for system updates, I believe templates will default to using sys-firewall. Just be sure sys-firewall is running and connected to sys-net and your templates will have a network connection. Don’t assign a netVM to your templates.