More documentation.

Manuel Amador (Rudd-O) 2016-10-11 19:20:10 +00:00
parent 7ad6b81670
commit fbddb85b97


@ -1,6 +1,6 @@
#Qubes network server
This software lets you turn your Qubes OS machine into a network server.
This software lets you turn your [Qubes OS](https://www.qubes-os.org/) machine into a network server, enjoying all the benefits of Qubes OS (isolation, secure inter-VM process communication, ease of use) with none of the drawbacks of setting up your own Xen server.
##Enhanced networking model
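Review bot: The new intro sentence ends with "none of the drawbacks of setting up your own Xen server", an absolute claim that the README itself qualifies later, where the firewall section warns that an "allow all" setting exposes every port of the VM. Suggest dropping that clause, or following it with one sentence saying that a VM given a static address becomes reachable from the physical network and must be protected with the firewall rules described further down.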
@ -47,7 +47,7 @@ a ProxyVM `server-proxy`, which in turn is connected to a NetVM
to your laptop on the same physical network, which we'll assume has
IP address `192.168.1.8`.
###Assign a static address to `httpserver`
###Assign a static address
First step is to assign an address — let's make it `192.168.1.6`
to `httpserver`:
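Review bot: Under the renamed heading "Assign a static address", the text picks `192.168.1.6` without saying how a reader should choose their own value. The context lines put the laptop at `192.168.1.8` on the same physical network, so the example address sits on the LAN itself; add a sentence stating that the address must be unused on that network, so readers do not copy the example value into a conflict. The shortened heading is fine, since the body line still names `httpserver`.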
@ -56,12 +56,12 @@ to `httpserver`:
qvm-static-ip -s httpserver static_ip 192.168.1.6
```
###Restart `httpserver`
###Restart VM
Due to limitations in this release of the code, you must power off
the `httpserver` VM and then power it back on.
###Set firewall rules on `httpserver`
###Set firewall rules on VM
Launch the Qubes Manager preferences window for the `httpserver` VM.
Go to the *Firewall rules* tab and select *Deny network access
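Review bot: The two renamed headings, "Restart VM" and "Set firewall rules on VM", read as telegraphic next to the previous step's "Assign a static address" and drop the article. Suggest "Restart the VM" and "Set firewall rules on the VM", or drop "VM" from both to match the first step. Since the restart paragraph says the power cycle is required "due to limitations in this release of the code", it would also help to state what happens if the step is skipped, so readers do not go on to write firewall rules for a VM that does not yet hold the static address.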
@ -76,6 +76,10 @@ Note the trick here — any address whose text begins with
`from-` gets transformed into an incoming traffic rule, as opposed
to the standard rules that control only outbound traffic.
**Security note**: the default "allow all" firewall leaves all ports
of the VM accessible to the world. To the extent that you can avoid
it, do not use the "allow all" firewall setting at all.
Back on the main dialog, click *OK*.
###That's it!
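Review bot: The new security note is placed between the explanation of the `from-` prefix and "Back on the main dialog, click *OK*", so it interrupts the procedure and arrives after the reader has already chosen a firewall mode. Move it up to the point where the *Firewall rules* tab is opened and the deny option is selected. The wording "To the extent that you can avoid it" is also weaker than the risk it describes; state the recommendation directly, for example: use the deny setting with explicit `from-` rules, and do not use "allow all" on a VM that has a static address.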
@ -91,6 +95,19 @@ inbound connections.
You'll also note that `httpserver` has received no permission to
engage in any sort of outbound network traffic.
##Inter-VM network communication
This software isn't limited to just letting network servers be
accessible from your physical network. VMs can talk among each
other too. Simple instructions:
* Set up a static IP address for each VM.
* Set up the appropriate rules to let them talk to each other.
VMs so authorized can talk to each other over the network,
even when they do not share a ProxyVM between them, of course,
so long as their ProxyVMs share the same NetVM.
##Disabling network server
Two-step process. Step one:
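Review bot: In the new "Inter-VM network communication" section, the second bullet ("Set up the appropriate rules to let them talk to each other") does not say what those rules are or on which VM they go. Point back to the firewall section and say explicitly whether each VM needs a `from-` rule naming the other VM's static address, ideally with one worked pair of addresses. The closing sentence also buries its only precondition ("so long as their ProxyVMs share the same NetVM") behind "of course"; state it first, as a requirement. Given the note added above about "allow all", this section should repeat that inter-VM rules are to be limited to the specific peer addresses.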