Test and document hooking TCP connection into qrexec using socat #2148

Closed
andrewdavidwong opened this issue Jul 4, 2016 · 5 comments
Labels
C: doc
help wanted (This issue will probably not get done in a timely fashion without help from community contributors.)
P: major (Priority: major. Between "default" and "critical" in severity.)
T: task (Type: task. An action item that is neither a bug nor an enhancement.)
Comments

@andrewdavidwong
Member

On 2016-07-03 11:29, Marek Marczykowski-Górecki wrote:

It should be easy to hook any TCP connection into qrexec using socat.

Something like this (untested):

source VM: launch this somewhere (/rw/config/rc.local?)

socat TCP-LISTEN:4444,fork EXEC:"qrexec-client-vm target-vm my-tcp-service"

target VM: /usr/local/etc/qubes-rpc/my-tcp-service (this is stored in /rw):

socat STDIO TCP:localhost:4444

dom0: /etc/qubes-rpc/policy/my-tcp-service

source-vm target-vm allow

andrewdavidwong added the C: doc, P: major, and T: task labels Jul 4, 2016
andrewdavidwong added this to the Documentation/website milestone Jul 4, 2016
@andrewdavidwong
Member Author

(This could become a tool instead of just documentation steps.)
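
The three pieces in the sketch quoted above (listener in the source VM, service file in the target VM, policy line in dom0) can be staged by a small script for review before anything is copied into place. This is an added example, not part of the original thread and not Qubes OS code; the function names, the staging directory layout, the name allow-list and the `bind=127.0.0.1` option are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage the three files from the sketch for review.
# Nothing is installed or run; files are only written under an output directory.

# Conservative allow-list for qube and service names (assumption of this
# example): the values end up in a shell command line and a policy file.
valid_name() {
    case $1 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# render_tcp_hook SOURCE_VM TARGET_VM PORT SERVICE OUTDIR
render_tcp_hook() {
    local src="$1" dst="$2" port="$3" svc="$4" out="$5" n
    for n in "$src" "$dst" "$svc"; do
        valid_name "$n" || { echo "rejected name: $n" >&2; return 1; }
    done
    valid_port "$port" || { echo "rejected port: $port" >&2; return 1; }
    [ -n "$out" ] || { echo "missing output directory" >&2; return 1; }
    mkdir -p "$out/source-vm/rw/config" \
        "$out/target-vm/usr/local/etc/qubes-rpc" \
        "$out/dom0/etc/qubes-rpc/policy" || return 1

    # Source qube: line for /rw/config/rc.local. bind=127.0.0.1 is an addition
    # in this example so that only local clients can reach the listener.
    printf 'socat TCP-LISTEN:%s,bind=127.0.0.1,fork EXEC:"qrexec-client-vm %s %s"\n' \
        "$port" "$dst" "$svc" > "$out/source-vm/rw/config/rc.local.snippet"
    # Target qube: service body that connects to the local TCP port.
    printf 'socat STDIO TCP:localhost:%s\n' "$port" \
        > "$out/target-vm/usr/local/etc/qubes-rpc/$svc"
    # dom0: allow only this source/target pair for this one service.
    printf '%s %s allow\n' "$src" "$dst" > "$out/dom0/etc/qubes-rpc/policy/$svc"
}

# Stand-alone use: sh stage.sh source-vm target-vm 4444 my-tcp-service ./staging
if [ "$#" -eq 5 ]; then
    render_tcp_hook "$@"
fi
```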

@Joeviocoe

@andrewdavidwong
Member Author

@Joeviocoe: Please consider submitting this as a PR to the appropriate repo. I'm afraid it'll be overlooked as just a comment with a link to a gist.

@tlaurion
Contributor

tlaurion commented Feb 18, 2018

@Joeviocoe: It would be awesome if this could be merged into the Qubes Network Server project, instead of pushing files manually into qubes.

@Rudd-O made it in such a way that the Firewall GUI supported an additional "from-" prepending addresses and ports. His code was applied for each machine that had assigned static IPs, making a generalist solution, interesting for both UDP and TCP.

andrewdavidwong added the help wanted label Mar 18, 2018
fepitre added a commit to fepitre/qubes-core-agent-linux that referenced this issue Aug 8, 2019
marmarek pushed a commit to QubesOS/qubes-core-agent-linux that referenced this issue Sep 7, 2019
@marmarek
Member

marmarek commented Feb 6, 2022

Documented at https://www.qubes-os.org/doc/firewall/#opening-a-single-tcp-port-to-other-network-isolated-qube already

marmarek closed this as completed Feb 6, 2022