It appears the -j REDIRECT is blackholed somehow. On 4.16 and 4.14 I see the INPUT rules get hit, but in 4.17 and 4.18 the INPUT rules are not hit.
Can you provide more details? Cannot reproduce:
root@host:/home/user# { iptables -vnL -t nat; iptables -nvL; } |grep 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 192.168.0.10 tcp dpt:9051 redir ports 9051
14 728 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.152.152.10 tcp dpt:9051 redir ports 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.0.0.0/8 tcp dpt:9051 redir ports 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.0.0.0/8 tcp dpt:9051 redir ports 9051
14 728 ACCEPT tcp -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9051
root@host:/home/user# uname -a
Linux host 4.18.5-2.pvops.qubes.x86_64 #1 SMP Mon Sep 3 14:47:45 UTC 2018 x86_64 GNU/Linux
@marmarek what details do you require?
I am using both a whonix-ws-14 template as appvm and dispvms and neither work. Templates do work, but that’s probably because they use qrexec and the direct host network of sys-whonix, which still works just fine.
root@host:~# { iptables -vnL -t nat; iptables -nvL; } |grep 53| grep udp
6 402 REDIRECT udp -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 5300
0 0 ACCEPT udp -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:5300
root@host:~# { iptables -vnL -t nat; iptables -nvL; } |grep 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 192.168.0.10 tcp dpt:9051 redir ports 9051
880 45760 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.152.152.10 tcp dpt:9051 redir ports 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.0.0.0/8 tcp dpt:9051 redir ports 9051
0 0 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.0.0.0/8 tcp dpt:9051 redir ports 9051
0 0 ACCEPT tcp -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9051
root@host:~# uname -a
Linux host 4.18.5-2.pvops.qubes.x86_64 #1 SMP Mon Sep 3 14:47:45 UTC 2018 x86_64 GNU/Linux
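The comparison the posts above make by eye, nat REDIRECT packet counters against the INPUT ACCEPT counters for the redirected port, as an added example (not code from this thread or from Qubes/Whonix). The sample listings are counter lines copied from the two posts; the function name is an assumption, and rules are paired only by protocol and port, so a broader ACCEPT rule without `dpt:` is not credited.

```python
import re
from collections import Counter

# Counter lines copied from the posts above (both report kernel 4.18.5-2).
FAILING = """\
6 402 REDIRECT udp -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 redir ports 5300
0 0 ACCEPT udp -- vif+ * 0.0.0.0/0 0.0.0.0/0 udp dpt:5300
880 45760 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.152.152.10 tcp dpt:9051 redir ports 9051
0 0 ACCEPT tcp -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9051
"""
WORKING = """\
14 728 REDIRECT tcp -- vif+ * 0.0.0.0/0 10.152.152.10 tcp dpt:9051 redir ports 9051
14 728 ACCEPT tcp -- vif+ * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9051
"""

# iptables -v abbreviates large counters with K/M/G unless -x is given.
_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}
_RULE = re.compile(r"^\s*(\d+)([KMG]?)\s+\S+\s+(REDIRECT|ACCEPT)\s+(tcp|udp)\s")


def blackholed_redirects(listing):
    """Return (proto, port) pairs whose REDIRECT rules counted packets
    while no ACCEPT rule for that proto/port counted any."""
    redirected, accepted = Counter(), Counter()
    for line in listing.splitlines():
        m = _RULE.match(line)
        if not m:
            continue  # chain headers, column titles, other targets
        pkts = int(m.group(1)) * _SUFFIX.get(m.group(2), 1)
        target, proto = m.group(3), m.group(4)
        if target == "REDIRECT":
            port = re.search(r"redir ports (\d+)", line)
            bucket = redirected
        else:
            port = re.search(r"dpt:(\d+)", line)
            bucket = accepted
        if port:
            bucket[(proto, int(port.group(1)))] += pkts
    return sorted(k for k, n in redirected.items() if n > 0 and accepted[k] == 0)


if __name__ == "__main__":
    import sys
    # Pipe in `{ iptables -vnL -t nat; iptables -nvL; }`, or run bare for the sample.
    text = FAILING if sys.stdin.isatty() else sys.stdin.read()
    for proto, port in blackholed_redirects(text):
        print(f"{proto}/{port}: REDIRECT counted packets, INPUT ACCEPT counted none")
```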