-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathopenBSD_as_netvm
47 lines (33 loc) · 1.18 KB
/
openBSD_as_netvm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
Install OpenBSD as HVM Template
Create netvm "openFW" using OpenBSD as template.
Set openFW virt_mode to HVM
Attach network device to openFW.
Create netvm - fw
Make sure that fw does not have netvm set:
qvm-prefs fw netvm none
Set fw as netvm for openFW.
qvm-prefs openFW netvm fw
Note IP address of openFW from 'qvm-ls -n openFW'
Here address is 10.137.0.6
Start fw and openFW.
On fw netvm:
Identify vif to openFW -
'ip route ' will show vifXX.0
Here output is "10.137.0.6 dev vif33.0....."
Add route to default gw 10.137.0.6:
ip route add default via 10.137.0.6
Configure forwarding on fw:
iptables -I FORWARD -i vif+ -o vif+ -j ACCEPT
(This allows all qubes connected to fw to interact - you may wish to be more
restrictive.)
Override Qubes restrictions:
iptables -t raw -I PREROUTING -i vif33.0 -j ACCEPT
Forward DNS traffic to external DNS server:
iptables -t nat -I PR-QBS -p udp --dport 53 -j DNAT --to 9.9.9.9
(Put these in /rw/config/qubes-firewall-user-script
chmod +x /config/qubes-firewall-user-script )
On openFW congiguration is more straightforward.
Run firewall script
Bring up em0 - dhclient em0
ifconfig xnf0 10.137.0.6 up
Set qubes to use fw as netvm using qvm-prefs