Hi all, I would like to ask for help with making an AppVM accessible via SSH.
I would like to sync some files over the local network via a cron job. I created a new AppVM based on Debian, where the SSH service will be running. I need to make this AppVM and its SSH service accessible from the LAN, so I need to open a port in the firewall (on the AppVM, or Sys-Firewall, or Sys-Net?); after that it should probably work. I tried to find some resources here on the forum, but I am not sure that I understand them correctly. Could anyone help me, please?
This is exactly what I need, but the script by @unman did not work for me in Qubes OS 4.2.
Looking into why it is failing, it is because none of the VMs have the ‘nat’ or ‘filter’ nft tables.
Since I am new to Qubes OS, I don’t know if this is because of a change in the OS that requires fixing the script, or a misconfiguration on my part (although the network seems to be working, so I am guessing the NAT is working even though there are no ‘nat’ tables; my guess is that something has changed there).
It would be great to get any pointers on how this could be fixed, since this is a feature I need pretty badly.
If you want to understand how this works, it’s explained in the documentation.
You need to add NAT rules so port 22 on sys-net is redirected to port 22 on sys-firewall, which redirects it to the AppVM, which should accept connections on this port.
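The redirect chain described in the reply above, written out as an added example (not part of the original thread or the Qubes project's code): a script that prints the nft commands for sys-net, sys-firewall and the AppVM, using the `qubes` table and the `custom-forward` / `custom-input` chains from the Qubes OS 4.2 firewall documentation. The addresses, interface names and the chain name `custom-dnat-ssh` are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: prints the nft commands for each hop; it does not apply them.
# Every address and interface name here is a placeholder (assumption).
PORT=22
LAN_NET="192.168.1.0/24"   # LAN range allowed to reach the SSH service
SYSNET_IF="ens6"           # physical interface inside sys-net
FW_IP="10.137.0.5"         # sys-firewall address as seen from sys-net
APPVM_IP="10.137.0.20"     # address of the AppVM running sshd
CHAIN="custom-dnat-ssh"    # hypothetical name for the per-service chain
STATE="ct state new,established,related counter"

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rules for a forwarding qube: $1 = inbound interface, $2 = next-hop address.
# Traffic is matched on interface and LAN source range before being redirected.
forward_hop() {
    valid_port "$PORT" || { echo "invalid port: $PORT" >&2; return 1; }
    match="iifname \"$1\" ip saddr $LAN_NET"
    echo "nft add chain qubes $CHAIN '{ type nat hook prerouting priority filter +1 ; policy accept; }'"
    echo "nft add rule qubes $CHAIN $match tcp dport $PORT $STATE dnat $2"
    echo "nft add rule qubes custom-forward $match ip daddr $2 tcp dport $PORT $STATE accept"
}

sysnet_rules() { forward_hop "$SYSNET_IF" "$FW_IP"; }   # run output in sys-net
sysfw_rules()  { forward_hop "eth0" "$APPVM_IP"; }      # run output in sys-firewall

# Final hop: the AppVM itself must accept the connection.
appvm_rules() {
    valid_port "$PORT" || { echo "invalid port: $PORT" >&2; return 1; }
    echo "nft add rule qubes custom-input tcp dport $PORT ip daddr $APPVM_IP $STATE accept"
}

echo "# sys-net";      sysnet_rules
echo "# sys-firewall"; sysfw_rules
echo "# AppVM";        appvm_rules
```

Rules added this way are lost when a qube restarts; the Qubes documentation covers making them persistent.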
I ended up following the forum thread you started on this first (Qubes OS 4.2 nftables / nft firewall guide), and then the documentation made a lot more sense. Now it seems pretty obvious.
I am leaving this with a link to the thread in case it is useful for someone who may be a bit stumped at first by the documentation.