0

Background: I'm the kind of security and crypto nerd who thought it would be fun to play with Qubes OS at home. I live and breathe linux, but networking is not my forte.

Problem:

I am trying to mount my NAS drive onto a VM inside Qubes OS. I can ping my NAS from inside a Qube VM:

[user@Gmail-Banking]~% ping 192.168.0.198
PING 192.168.0.198 (192.168.0.198) 56(84) bytes of data.
64 bytes from 192.168.0.198: icmp_seq=1 ttl=62 time=0.794 ms
<snip>
--- 192.168.0.198 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4128ms
rtt min/avg/max/mdev = 0.692/0.738/0.794/0.036 ms

I can also reach the NAS from a web browser in that qube, but if I try to mount the NAS drive from Nautilus, it just spins forever:

Baring that I just don't know how to mount a network drive, I assume this has to do with firewall rules, but I don't know enough to know where to start debugging.

Configuration:

NAS is on my LAN, assigned 192.168.0.198 by my router.

Qubes running on a desktop also on the LAN. I am using the networking in the default out-of-the-box config (see pic below). The outer netvm (sys-net) has an ip 192.168.0.100 from the router and is the gateway for the firewallVM on 10.137.1.*, which is the gateway for all the AppVMs on 10.137.2.*.

Through the GUI, I believe I have set the firewall rules for this VM to completely open:

Firewall rules for this Qube

For reference, here's the stock network topology:

Qubes OS default network topology

My guess is that the firewallVM is dropping the smb traffic, but not sure how to confirm or correct this. Answers on this specific problem, or correcting my understanding of networking/firewalls appreciated.

Improve this question

1 Answer 1

Reset to default
1

Sorry I will answer by answering here because I don't have enough reputation to comment your post

I've just discovered qubes by looking into an new OS for my laptops. If you don't have touched your firwall settings from sys-firewall or sys-net then it is not a firewall problem from the qubes topology anyway.

I have connected successfully an nfs share from my synology, my qnap and my freenas. I didn't yet tried samba since the only use would be about a windows server or something.

With the little information you added in the comments, I would go with a problem with the file browser itself. Try to mount from the terminal with 

sudo mount -t cifs //192.168.0.138/share_name /your_path_where_you_want_to_mount_it -o username=...,password=...

When you've done that you will get the exact error message of there is any or it have been mounted successfully.

FYI,

1/ if you didn't change a thing about sys vm then, it only blocks new connection on incoming if I remember correctly but will check that later.

2/ it's better to separate things in qubes os. Don't hesitate to do many clones of your templates with differents packages for specifics usecases. In this case, I would go with a specific appvm for mounting network shares. I've done one with Debian 9 template and it working great. You can do the same with a fedora-minimal

Improve this answer
8
  • Thank you for your answer. NAS is ASUSTOR. I have never had a problem accessing the NAS's SMB service from other Windows, OSX, or Ubuntu machines, which is why I suspect it's a Qubes problem. Which machine / vm do you want logs from?
    – Mike Ounsworth
    Commented Sep 27, 2017 at 18:23
  • okey so yeah we need to see the logs first of the vm from where you were trying to access your nas
    – vigilian
    Commented Sep 27, 2017 at 18:27
  • Because actually it depends also of which version you have of cifs-utils for example. Which was the template of this vm? fedora? debian?
    – vigilian
    Commented Sep 27, 2017 at 18:28
  • Fedora-23. I'm at work right now, but can post more details tonight when I have time to poke.
    – Mike Ounsworth
    Commented Sep 27, 2017 at 18:30
  • no problem. I was going out since it s the evening for me anyway. So I will get back to you later, but first, it would be better to upgrade to the last fedora 25 template if you can. But we can do it without that. you can do that like this but in place of debian it's fedora
    – vigilian
    Commented Sep 27, 2017 at 18:34

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .