Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-25 15:29:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

IP address use for forwarding external requests

Browse Source
This commit is contained in:
Dr. Gerhard Weck 2022-05-28 13:03:29 +02:00 committed by GitHub
parent c86d57e44b
commit a072318fe4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
user/security-in-qubes/firewall.md
View File

@ -468,10 +468,10 @@ If the service should be available to other VMs on the same system, do not forge
Here no routing is required, only filtering. Here no routing is required, only filtering.
Proceed in the same way as above but store the filtering rule in the `/rw/config/rc.local` script. Proceed in the same way as above but store the filtering rule in the `/rw/config/rc.local` script.
For the following example, we assume that the IP adress of sys-firewall is 10.137.1.z. For the following example, we assume that the target VM running the web server has the IP address 10.137.0.xx
``` ```
sudo name /rw/config/rc.local sudo nano /rw/config/rc.local
``` ```
~~~ ~~~
@ -490,7 +490,7 @@ fi
if ! iptables -w -n -L INPUT | grep --quiet MY-HTTPS; then if ! iptables -w -n -L INPUT | grep --quiet MY-HTTPS; then
# add a forward rule for the traffic (same reason) # add a forward rule for the traffic (same reason)
iptables -w -I INPUT 5 -d 10.137.1.z -p tcp --dport 443 -m conntrack --ctstate NEW -j MY-HTTPS iptables -w -I INPUT 5 -d 10.137.0.xx -p tcp --dport 443 -m conntrack --ctstate NEW -j MY-HTTPS
fi fi
~~~ ~~~