[qubes-users] No wired internet (Intel I219-LM) on new 4.1 install

Everything is default with the exception of:

  1. devices in sys-net is only with ethernet one. The other one, which was listed as unknown (guess wifi, disabled from bios) was removed.
  2. sys-firewall - limit traffic to * on TCP port 443.
  3. Disabled TOR. It said that I will not have internet (don’t know if it is connected, or mean only for whonix VMs)

The internet icon does not have an X.

I tried ping google from sys-net and sys-firewall terminal.

From sys-net domain+ip went through, sys-firewall only ip.

Updates are also not working.

sys-firewall - limit traffic to * on TCP port 443.
I tried ping google from sys-net and sys-firewall terminal.
From sys-net domain+ip went through, sys-firewall only ip.

* ping uses ICMP which the firewall will always let through unless you use qvm-firewall
* DNS queries are routed by Qubes OS to the netvm, which is in your case sys-firewall
* once you allow UDP port 53 in the firewall settings in sys-firewall DNS should work

Updates are also not working.

Well, they need DNS. :wink: ... and also Fedora will try to contact some HTTP URLs

If you don't want to allow HTTP in sys-firewall, you can

1. clone it to sys-update
2. set sys-update as updatevm and in the policy for updates
3. allow HTTP for sys-update
4. set "provides networking" to false for sys-update

That means sys-update will be used as update proxy but no other qube can use it as network (netvm).

/Sven

According the doc, you don’t need to do that.
Firewall policy which is see with qvm-firewall sys-firewall:
0. tcp 443

  1. dns
  2. icmp
  3. drop

I still can’t solve the problem.

I can access https://1.1.1.1. But not cloudflare.com.

M:

I can access https://1.1.1.1. But not cloudflare.com.

According the doc, you don't need to do that.
Firewall policy which is see with qvm-firewall sys-firewall:
0. tcp 443
1. dns
2. icmp
3. drop

I still can't solve the problem.

sys-firewall - limit traffic to * on TCP port 443.
I tried ping google from sys-net and sys-firewall terminal.
From sys-net domain+ip went through, sys-firewall only ip.

Don't set firewall rules directly on sys-firewall. Set them instead on the AppVMs that connect through sys-firewall.