No wired internet (I219-LM) on new install

I’ve installed Qubes 4.1.
Everything is default with the exception of:

  1. The only device in sys-net is the ethernet one. The other one, which was listed as unknown (I guess wifi, disabled in BIOS), was removed.
  2. sys-firewall - limit traffic to * on TCP port 443.
  3. Disabled TOR. It said that I will not have internet (I don’t know if it is connected, or if it means only for Whonix VMs).

The internet icon does not have an X.
I tried to ping google from the sys-net and sys-firewall terminals; it went through.

Any hints how to troubleshoot that?

No such command when you try to ping? Maybe you just mistyped somewhere?

To be accurate it says “No such name or service”.

Updates also not working.

Did you ping domain like google.com? What if you ping 8.8.8.8?

The ping works, but nothing else.

Well ping by domain name works for me in sys-firewall.
Did you change any settings in sys-firewall or sys-net? Maybe iptables rules in sys-net?

Check your iptables rules in sys-net:
sudo iptables -L -n -v -t nat
There should be DNAT rules for DNS requests:

Chain PR-QBS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   119 DNAT       udp  --  *      *       0.0.0.0/0            10.139.1.1           udp dpt:53 to:X.X.X.X
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.139.1.1           tcp dpt:53 to:X.X.X.X
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            10.139.1.2           udp dpt:53 to:X.X.X.X
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.139.1.2           tcp dpt:53 to:X.X.X.X

I do have that. Only the pkts and bytes of first line are 0s.

Added type of the controller for more clarity.

Side question: why don’t I see my firewall rule all/443 from the settings window?

As stated here:

The firewall rules for each qube are saved in an XML file in that qube’s directory in dom0:

/var/lib/qubes/appvms/<vm-name>/firewall.xml

You can check your VM rules in dom0:
qvm-firewall sys-firewall list
ICMP and DNS are accepted by default and can’t be blocked in the GUI, but can be blocked with the qvm-firewall tool.
Try to test the rules with curl since ping is accepted.

What do you have in /etc/resolv.conf in sys-firewall?
When you ping an IP in sys-firewall it works fine, but when you ping a domain (ping google.com), what error do you get? Temporary failure in name resolution?

/etc/resolv.conf:
nameserver 10.139.1.1
nameserver 10.139.1.2

sys-firewall ping google.com “No such name or service”.
sys-firewall ping 8.8.8.8 is OK.

Create a new qube with the same template as sys-firewall and the same “Net qube” (is it sys-net?) and set the “Provides network” option for it. Then check if it’ll have the same problem with ping.

I left that as a final measure (if it works at all), as I want to understand why it doesn’t work now.

Still can’t find a solution though.

I’d suggest you test it to see if the problem remains or not. If there is no problem in the new qube, then search for a difference between these two qubes.

Another laptop with I219-lm:

Thanks.

I reviewed that post and checked.

For me it is set. I have device and the internet shows as connected.

I guess it is some setting, still trying to figure it out.

I can access https://1.1.1.1. But not cloudflare.com.

So is it a DNS problem?

Yes, it’s a problem with DNS.
What template do you use for sys-net/sys-firewall?
If it’s old fedora-35 template then maybe it’s this bug:

But it should be fixed in latest fedora-35 template.

It is the default fedora 34 with the 4.1 iso on the Qubes site.

I don’t know why DNS doesn’t work in sys-firewall but works in sys-net. You must have changed something in the fedora-34 template or in sys-firewall, but I don’t know what you have changed.
You can try to test if the problem is in the template by creating a new qube and checking if DNS will work there.
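
The check discussed in this thread (does every nameserver in /etc/resolv.conf have a port-53 DNAT rule in sys-net, and has any packet matched it) can be scripted; the following is an added example, not part of any post above. The helper name `check_dns_dnat`, the sample text and the address 192.0.2.53 (standing in for the elided X.X.X.X) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs modelled on the output quoted in this thread.
# 192.0.2.53 (documentation range) stands in for the elided X.X.X.X.
SAMPLE_RESOLV='nameserver 10.139.1.1
nameserver 10.139.1.2'
SAMPLE_NAT='Chain PR-QBS (1 references)
 pkts bytes target     prot opt in     out     source               destination
    5   119 DNAT       udp  --  *      *       0.0.0.0/0            10.139.1.1           udp dpt:53 to:192.0.2.53
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.139.1.1           tcp dpt:53 to:192.0.2.53
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            10.139.1.2           udp dpt:53 to:192.0.2.53
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            10.139.1.2           tcp dpt:53 to:192.0.2.53'

# check_dns_dnat RESOLV_TEXT NAT_TEXT   (hypothetical helper name)
#   RESOLV_TEXT: contents of /etc/resolv.conf from the qube that cannot resolve
#   NAT_TEXT:    output of "sudo iptables -L -n -v -t nat" from sys-net
# Prints "<nameserver> <proto> <state> <pkts>" per pair, where state is
#   HIT     rule present and its packet counter is non-zero
#   IDLE    rule present but no packet has matched it yet
#   MISSING no DNAT rule for port 53 on that address/protocol
# Returns 0 when every pair has a rule, 1 when any is MISSING.
check_dns_dnat() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" && !nat { nat = 1; next }
        !nat && $1 == "nameserver" { order[++count] = $2; next }
        # iptables -v columns: pkts bytes target prot opt in out src dst match...
        nat && $3 == "DNAT" && $11 == "dpt:53" { pkts[$9 "/" $4] = $1 }
        END {
            n = split("udp tcp", proto, " ")
            for (i = 1; i <= count; i++) for (j = 1; j <= n; j++) {
                k = order[i] "/" proto[j]
                if (!(k in pkts))            { state = "MISSING"; bad = 1 }
                else if (pkts[k] "" == "0")  state = "IDLE"
                else                         state = "HIT"
                print order[i], proto[j], state, ((k in pkts) ? pkts[k] : "-")
            }
            exit bad + 0
        }'
}

# Demo on the constructed sample.
check_dns_dnat "$SAMPLE_RESOLV" "$SAMPLE_NAT"
```

The two inputs come from different qubes: the resolv.conf text from the qube where name resolution fails, the NAT listing from sys-net. An IDLE line only says that no packet has matched that rule since the counters were last reset.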