Syncthing through the ethernet to other device

Here is my setting:

First, I have now successfully built the Syncthing environment; I referred to this:
https://forum.qubes-os.org/t/split-syncthing/19825

Then I built sys-eth for local Ethernet. This is possible because I have a LAN cable connecting them. Qubes successfully recognizes the network after I set up static IP addresses for both devices.

Both qubes are disposable templates.

Here is the problem. I’m stuck on connecting my phone and laptop in Syncthing. The two devices do not recognize each other in Syncthing. Even though I registered them by device ID in Syncthing, they are just shown as disconnected.

What would be the reason that I fail to connect them? I guess the problem is due to the IP address used in the static IP settings. I’m curious whether I should match the Ethernet IP addresses with the IP given to a disposable copy of the syncthing qube (server qube) when it is turned on.

Thanks for reading my question.

Welcome back.

I’m not sure I fully understand your set-up.

In the other devices you should have set the external IP of sys-eth,
and then you should pass through the syncthing traffic to the syncthing
qube, to allow the inbound traffic. (Look in the docs for qubes
firewall.)
You will also have to open an inbound port on the syncthing qube to
allow inbound discovery traffic.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

Hello,

I think I have trouble building sys-eth. Qubes says there is a local connection after setting up static IPs, but there is no response to ping.

I followed the instructions below,

I got stuck on step 1 (Optional)

You can send a test packet by trying to connect to the service from an external device using the following command:

telnet 192.168.x.n 443

Once you have confirmed that the counters increase, store the commands used in the previous steps in /rw/config/qubes-firewall-user-script so they get set on sys-net start-up:

The counters don’t increase and there is 100% packet loss.

Hello,
I really don’t understand your set up, or what you have done.
It would be helpful if you could set out what you have, what you have
done, what IP addresses you have (suitably anonymised) etc etc.
If you have followed instructions, just refer to them, rather than
describe them again.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

Sorry for that, I’m really new to network things, and the setups are really complicated; I missed what I should explain.

In fact, I resolved the question already.
I didn’t fully complete the firewall settings, but it seems to work.
The problem was that I didn’t insert the device addresses after registering device IDs. After I wrote something like tcp://192.168.0.3:22000 in the device address entries, they successfully shared the folder.

But honestly, I also don’t fully understand what I should set up.

Here is what I’ve done.

  1. (Physical setup) I connected my phone and laptop via a LAN card. Laptop – (LAN cable) – (LAN card with USB-C) – Android phone
  2. (Qubes setup) Disposable netvm for ethernet sys-eth, firewall for ethernet sys-eth-firewall and destination qube ss
    2-1. sys-eth, sys-eth-firewall, and ss are all dispVMs.
    2-2. I already set up the templateVM of ss by following the instructions: [[Split-syncthing]] and [[Use qubes-sync with multiple clients and one server]]
    2-3. sys-eth and sys-eth-firewall are constructed by following the instructions in Disposable customization | Qubes OS named disposables for service qubes
  3. (IP setup) Use static IPs. On the network option of sys-eth, I use 192.168.0.2 with gateway 192.168.0.1 and subnet mask 255.255.255.0. On my phone, I set up 192.168.0.3 with the same gateway and subnet mask.
  4. I tried to build the firewall by following the above instructions, but here are the problems:
    4-1. ping 192.168.0.3 443 doesn’t work but ping 192.168.0.3 works.
    4-2. When I run the command nft list table ip qubes,
chain custom-forward {
  iif "ens6" ip saddr 192.168.0.0/24 ip daddr <sys-eth-firewall ip address> tcp dport 443 ct state new,established,related counter packets 7 bytes 448 accept
}

is shown. (Why 192.168.0.0? Not 192.168.0.3)
The same problem occurs for each qube: sys-eth-firewall and ss

  5. Despite these problems, ping 192.168.0.3 works in sys-eth-firewall and ss
  6. Despite these problems, Syncthing works. I guess it’s because a direct connection is established, with no firewall filtering.

I’m not sure if this is helpful for understanding my setup.
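
Added example, not part of the thread and not the poster's or the Qubes project's code: a small Python check of the custom-forward rule quoted above against constructed packets. It shows that the 192.168.0.0/24 source prefix covers the phone at 192.168.0.3, and that the rule as listed matches TCP port 443 only, not the port 22000 used in the Syncthing device address. The destination 10.137.0.50 is a constructed stand-in for the elided sys-eth-firewall address, and `parse_rule` and `matches` are hypothetical helper names.

```python
import ipaddress
import re

# Rule text as listed in the thread. The daddr placeholder is replaced by a
# constructed address (10.137.0.50); the thread does not give the real one.
RULE = ('iif "ens6" ip saddr 192.168.0.0/24 ip daddr 10.137.0.50 '
        'tcp dport 443 ct state new,established,related counter accept')

PATTERNS = {
    "iif": r'iif "([^"]+)"',
    "saddr": r"ip saddr (\S+)",
    "daddr": r"ip daddr (\S+)",
    "dport": r"tcp dport (\d+)",
}

def parse_rule(text):
    """Extract the match fields this example understands from one nft rule."""
    raw = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"rule has no {key} match")
        raw[key] = m.group(1)
    return {
        "iif": raw["iif"],
        # strict=False masks host bits, so 192.168.0.3/24 -> 192.168.0.0/24
        "saddr": ipaddress.ip_network(raw["saddr"], strict=False),
        "daddr": ipaddress.ip_network(raw["daddr"], strict=False),
        "dport": int(raw["dport"]),
    }

def matches(rule, iif, src, dst, dport):
    """Return (matched, field) for a new TCP packet; ct state is not modelled."""
    if iif != rule["iif"]:
        return False, "iif"
    if ipaddress.ip_address(src) not in rule["saddr"]:
        return False, "saddr"
    if ipaddress.ip_address(dst) not in rule["daddr"]:
        return False, "daddr"
    if dport != rule["dport"]:
        return False, "dport"
    return True, "accept"

rule = parse_rule(RULE)
# Constructed packets: the phone on 443, the phone on 22000, a host outside the /24.
for pkt in [("ens6", "192.168.0.3", "10.137.0.50", 443),
            ("ens6", "192.168.0.3", "10.137.0.50", 22000),
            ("ens6", "192.168.1.9", "10.137.0.50", 443)]:
    print(pkt, "->", matches(rule, *pkt))
```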