Is there a way to ftp to another computer on my LAN from an appvm that is
using a proxyvm?
I am able to ftp to other computers when I set this appvm to just use the
default firewall, but sometimes I forget to set it back to use a vpn vm; but
if I have the appvm using the vpn/proxy vm then I am unable to reach any of
the other computers on my LAN?
Please advise
Yes - you need to adjust the firewall rules on the vpn qube to direct
(ftp) traffic from the source ip to the local network - you could make
this *highly* specific by specifying the destination in the new rule.
> > Is there a way to ftp to another computer on my LAN from an appvm that is
> > using a proxyvm?
> >
> > I am able to ftp to other computers when I set this appvm to just use the
> > default firewall, but sometimes I forget to set it back to use a vpn vm; but
> > if I have the appvm using the vpn/proxy vm then I am unable to reach any of
> > the other computers on my LAN?
> >
> > Please advise
> >
>
> Yes - you need to adjust the firewall rules on the vpn qube to direct
> (ftp) traffic from the source ip to the local network - you could make
> this *highly* specific by specifying the destination in the new rule.
Pardon my ignorance but how would I do that? I know it would be in settings
-> firewall settings but after that it gets a bit fuzzy?
Well, you can't do it there, because you need to adjust the firewall
rules implemented ON the vpn qube.
> What method are you using to set up the vpn?
>
I used the new community vpn setup
Right - but there are 2 methods outlined on that github page (if that's what
you mean by community vpn) - 3 if you include "vpn on sys-net". Did you
follow the "iptables and CLI scripts" section?
There's an added issue that you will have to consider and that is the
nature of FTP connections - when a client connects to a server, the
server may create a link back to a port specified in the original
connection: this is non-passive (active) FTP. If your FTP server does
this then you will have to enable a route through to the client qube.
The client may instead send a PASV command - then the server *may* send
back a listening port number, and the client will create a link to that
port.
So there are 4 possibilities, and the firewall rules you need will
depend on what the capabilities of the server are. Best check on that.
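
An added example, not from any poster in this thread: the two data-connection directions described above can be read off the FTP control channel, which shows which side opens the data connection and to which port, and therefore which new flow the vpn qube has to let through. It also decodes the EPRT/EPSV forms (RFC 2428), which the thread does not mention; the addresses, ports and function names are constructed for illustration.

```python
import re

# Constructed sample control-channel lines (port 21), not captured traffic.
SAMPLE = [
    ("client", "PORT 10,137,0,15,195,80"),
    ("server", "227 Entering Passive Mode (192,168,1,20,218,94)."),
    ("server", "229 Entering Extended Passive Mode (|||50211|)"),
    ("client", "EPRT |1|10.137.0.15|50000|"),
]

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")
_EPRT = re.compile(r"^EPRT \|1\|([0-9.]+)\|(\d{1,5})\|", re.I)


def _host_port(m):
    """Decode h1,h2,h3,h4,p1,p2: the port is p1*256 + p2 (RFC 959)."""
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channel(sender, line, server_ip):
    """Return (mode, initiator, listen_ip, listen_port) or None; initiator
    is the side that opens the data connection (the NEW flow to permit)."""
    line = line.strip()
    if sender == "client" and line.upper().startswith("PORT "):
        m = _SIX.search(line)
        if m:
            return ("active", "server") + _host_port(m)
    if sender == "client" and (m := _EPRT.match(line)):
        return ("active", "server", m.group(1), int(m.group(2)))
    if sender == "server" and line.startswith("227"):
        m = _SIX.search(line)
        if m:
            return ("passive", "client") + _host_port(m)
    if sender == "server" and line.startswith("229"):
        m = _EPSV.search(line)
        if m:
            # EPSV carries only a port; the address is the control peer.
            return ("passive", "client", server_ip, int(m.group(1)))
    return None


if __name__ == "__main__":
    for who, text in SAMPLE:
        print(who, text, "->", data_channel(who, text, "192.168.1.20"))
```

In active mode the server is the initiator, so the connection arrives inbound at the client qube; in passive mode the client initiates a second outbound connection to a server-chosen port.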
Thanks unman,
I used the Qubes OS contributed package "qubes tunnel".
I am not sure about my server, is there a "standard" way to check that? (the server is running unraid, which is/was based on slackware so am hoping there might be a way to check that would work on most distros?).
For the iptables and cli scripts part, would that still apply to using the "qubes tunnel" setup option?