I have my AppVM running on a Sys-vpn VM to have a VPN connection as
I have IPv4 settings any other AppVM and I would like to access SSH to another device in my local network (on top of Qubes: 192.168.1.x for example), but no chance.
I don’t see any firewall rules that prevent me from pinging a local machine?
The safest way to make an exception for accessing your LAN is to set up
an appVM for your LAN-oriented tasks and connect that appVM to
sys-firewall instead of sys-vpn.
I agree with @tasket - keep your VPN and non-VPN connections separate.
Assuming you have a standard LVM setup, an alternative is to create a snapshot of your photos AppVM volume, mount it in your local AppVM, back up, and then umount & delete the snapshot. SSH not needed.
I forgot the specifics, but the general method to allow this in sys-vpn
is to find out which vif is currently being used by the appVM, then
insert an iptables rule at the top of the FORWARD chain to accept
packets coming from the vif and going to eth0.
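
The method in the last reply, written out as an added example that is not code from the thread: it looks up the appVM's vif in sys-vpn's routing table and prints the FORWARD rule for review. Assumptions: each connected qube appears as a host route on its vif in `ip -4 route show`, the LAN is 192.168.1.0/24, and the `-d` restriction, the function names and the sample routes are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root inside sys-vpn:
#   sh lan-exception.sh <appVM IP> <LAN CIDR>
# It prints the rule for review instead of applying it.

# Constructed sample of `ip -4 route show` in a Qubes net qube; the assumption
# is that each connected qube shows up as a host route on its vif.
SAMPLE_ROUTES='default via 10.137.0.6 dev eth0
10.137.0.6 dev eth0 scope link
10.137.0.21 dev vif7.0 scope link metric 32745
10.137.0.34 dev vif12.0 scope link metric 32740'

# vif_for_ip IP: read route lines on stdin, print the vif that serves IP.
# Exits non-zero when no vif route matches.
vif_for_ip() {
    awk -v ip="$1" '
        $1 == ip && $2 == "dev" && $3 ~ /^vif[0-9]+\.[0-9]+$/ { print $3; found = 1; exit }
        END { exit !found }'
}

# lan_rule VIF CIDR: print the FORWARD exception after validating both values.
# Limiting the destination with -d is an addition here, not part of the post;
# the rule covers only the vif -> eth0 direction the post describes.
lan_rule() {
    printf '%s\n' "$1" | grep -Eq '^vif[0-9]+\.[0-9]+$' || return 1
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    printf 'iptables -I FORWARD 1 -i %s -o eth0 -d %s -j ACCEPT\n' "$1" "$2"
}

# Live use: only runs when both arguments are given.
if [ "$#" -eq 2 ]; then
    vif=$(ip -4 route show | vif_for_ip "$1") || { echo "no vif for $1" >&2; exit 1; }
    lan_rule "$vif" "$2" || { echo "bad LAN range: $2" >&2; exit 1; }
fi
```

The vif number changes when the appVM restarts, so the lookup has to be repeated and the old rule removed each time.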