I have a USB wwan modem that I used frequently. I pass the modem to sys-net via sys-usb.
Now when I connect, no vm besides sys-net recieves packets. I can ping ip and fqdn from sys-net terminal, and browse the web via firefox in sys-net and everything seems to work.
But sys-firewall and anything connected to sys-firewall does not seem to get packets passed to them from sys-net.
Iptables -L -v -n shows packets being sent out from sys-firewall, and sys-net shows that it recieves them in the chain and forward tables, and seems to show sys-net sending the packets out to ‘the internet’.
But when viewing iptables in sys-firewall or any other vm no packets seem to be returning from sys-net. Only the outbound counters increase. Sys-firewall still seems to be forwarding packets from other vms connected to it.
This does not happen when using the wifi connection.
I tried attaching the usb pci device to sys-net directly to remove sys-usb from the picture and it changed nothing.
Changing kernels from 120(current for me) to 110(the oldest I have and one that worked) changed nothing.
This happens using both Fedora and Debian.
I did post about something similar a few days ago, the problems are related and growing. But I cant seem to delete topics in dicourse(sorry).
Im still trying to figure this one out. I tried a fresh install of Qubes, updated everything over the wifi connection first and everything seemed to be ok. I disconnected the wifi connection and attached the wwan card to sys-net via sys-usb and the vms attached to sys-net lost their connection.
There are no errors in journalctl in sys-net or sys-firewall. I can see in journalctl that the modem gets activated, recieves an ip address and gateway, along with dns servers from the carrier and additional ones I specified.
There are no errors in qubes-firewall.service in either sys-net or sys-firewall.
One suspicious thing I could find is looking at the output of “ip addr” shows link state UNKNOWN for wwan0. It does not ever change to UP like the wifi or vif interfaces, but will show DOWN when not connected to the carrier. When in the UNKNOWN state NetworkManager will show a good connection.
Switching from qmi to mbim mode seems to have no effect either. It doesnt appear to me to be a problem with the modem, but rather some issue with how qubes is trying to handle the modem.
Sys-firewall can ping sys-net’s ip and the ip address given to the modem by the carrier dhcp
The modem will work when plugged into another computer (running debian bullseye) via a usb adapter.
What is the output of:
- In sys-net:
sudo nft list ruleset
What to look for is a forwarding chain for sys-firewall within the output.
What version of Qubes OS ? Qubes OS 4…0.4 or Qubes OS 4.1 ?
So you tried with sys-net using Fedora but also Debian ?
From my experience, if my sys-net was with fedora and sys-firewall with debian, it was not working so are sys-net and sys-firewall from the same template ?
When using fedora template for sys-net and sys-firewall, it was with the latest version → fedora 33 ?