/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fedora-26-minimal not working as either sys-net or sys-firewall #3443

Closed
mossy-nw opened this Issue Jan 3, 2018 · 3 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.2 updates
2 participants
@mossy-nw @andrewdavidwong
@mossy-nw

mossy-nw commented Jan 3, 2018
edited
Edited 4 times
  • @mossy-nw mossy-nw edited Jan 3, 2018 (most recent)
  • @mossy-nw mossy-nw edited Jan 3, 2018
  • @mossy-nw mossy-nw edited Jan 3, 2018
  • @mossy-nw mossy-nw edited Jan 3, 2018

Qubes OS version:

R3.2

Affected TemplateVMs:

fedora-26-minimal

Steps to reproduce the behavior:

  1. install fedora-26-minimal template from dom0 terminal: sudo qubes-dom0-update qubes-template-fedora-26-minimal
  2. clone fedora-26-minimal to f26-min-net from dom0 terminal: qvm-clone fedora-26-minimal f26-min-net
  3. install packages needed to make a suitable netVM template (following instructions for fedora-25-minimal): sudo dnf install NetworkManager network-manager-applet dbus-x11 dejavu-sans-fonts tinyproxy notification-daemon gnome-keyring
  4. set sys-net template to f26-min-net
  5. set sys-firewall template to fedora-26-minimal
  6. restart sys-net and sys-firewall

Expected behavior:

we connect to the Internet!

Actual behavior:

  • if either sys-net or sys-firewall (see below for tested combinations) uses fedora-26-minimal or f26-min-net, sys-net appears to make an Internet connection (tray icon) but no appVMs (nor qubes-dom0-update, nor sys-whonix) can connect to the Internet)

General notes:

  • this is on a desktop system (ethernet only) so NetworkManager-wifi and wireless-tools were omitted
  • fedora-26 (not minimal) works as sys-net and sys-firewall
sys-net sys-firewall web (appVM) dom0-updates WhonixCheck
f26-min-net fedora-26-minimal NO NO NO
f25-min-net fedora-25-minimal yes! yes! yes!
f26-min-net fedora-25-minimal NO NO NO
f25-min-net fedora-26-minimal NO yes (?) NO
fedora-26 fedora-26 yes! yes! yes!
fedora-26 fedora-26-minimal NO yes (?) NO
f26-min-net fedora-26 NO NO NO

Related issues:

#3429

@andrewdavidwong andrewdavidwong added bug C: Fedora labels Jan 4, 2018

@andrewdavidwong andrewdavidwong added this to the Release 3.2 updates milestone Jan 4, 2018

@mossy-nw

This comment has been minimized.

Show comment
Hide comment
@mossy-nw

mossy-nw Jan 4, 2018

thanks, andrewdavidwong, for pointing to this comment by rusty bird who indicates manual install of iptables package might be needed for the fresh templates -- https://groups.google.com/forum/#!topic/qubes-users/pD4KV9hOYhQ/discussion -- I will test to see if this works and post back here.

mossy-nw commented Jan 4, 2018

thanks, andrewdavidwong, for pointing to this comment by rusty bird who indicates manual install of iptables package might be needed for the fresh templates -- https://groups.google.com/forum/#!topic/qubes-users/pD4KV9hOYhQ/discussion -- I will test to see if this works and post back here.
@mossy-nw

This comment has been minimized.

Show comment
Hide comment
@mossy-nw

mossy-nw Jan 4, 2018

manually installing iptables to both the sys-net and sys-firewall templateVMs fixes the issue:
$ sudo dnf install iptables

thanks, David for digging up the relevant qubes-users threads!

mossy-nw commented Jan 4, 2018

manually installing iptables to both the sys-net and sys-firewall templateVMs fixes the issue:
$ sudo dnf install iptables

thanks, David for digging up the relevant qubes-users threads!

Yethal added a commit to Yethal/qubes-doc that referenced this issue Jan 5, 2018

@Yethal
Added iptables to package list 
Added iptables to list of packages for a NetworkVM as per resolution of QubesOS/qubes-issues#3443
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
fcac4db

@Yethal Yethal referenced this issue in QubesOS/qubes-doc Jan 5, 2018

Merged

Added iptables to package list #504

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Jan 5, 2018

Member

Closing this as "resolved." If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.
Member

andrewdavidwong commented Jan 5, 2018

Closing this as "resolved." If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.

@andrewdavidwong andrewdavidwong closed this Jan 5, 2018

@andrewdavidwong andrewdavidwong added the resolved label Jan 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment