On 10/15/09 18:25, Jeff Victor wrote:
> I would like to set up a zone to be a router - and nothing else - in a 
> virtual network that is using crossbow on OpenSolaris 2009.06. I am 
> trying to create a list of all of the necessary commands.
> 
> Assume that:
> * the zone will have two VNICs: one going to the outside world via a 
> NIC, and one going to an internal switch to which other zones are connected
> * the zone and its VNICs have been created
> * I want to disable all unnecessary services to harden the router-zone
> 
> What commands do I need in the zone to persistently enable routing? So 
> far I have:
> 
> router-zone# svcadm enable svc:/network/ipv4-forwarding

You should also ifconfig() your interface to route:

cat /etc/hostname.mynet1
myaddress1 router up

cat /etc/hostname.mynet2
myaddress2 router up

I don't enable the forwarding service on my router.

(note, S10 10/09 not OpenSolaris, however, this stuff is the same, AFAIK)

steffensrouter# ifconfig -a4
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 129.154.53.130 netmask ffffff00 broadcast 129.154.53.255
        ether 0:e:c:c0:6b:c4
e1000g1:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 129.154.53.129 netmask ffffff00 broadcast 129.154.53.255
e1000g1:2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.200.129 netmask ffffff00 broadcast 192.168.200.255
nge0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 10.1.14.130 netmask ffffffc0 broadcast 10.1.14.191
        ether 0:17:31:46:d8:be
nge0:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 10.1.14.129 netmask ffffffc0 broadcast 10.1.14.191

Yes, I have two 'routers' between the 10.1.14.128/26 and 129.154.53.0/24 
network, as I collapsed two systems into one. I do have a default router 
on the 129.154.53.0/24 network.

steffensrouter#
steffensrouter# svcs *route*
STATE          STIME    FMRI
disabled       Oct_07   svc:/network/routing/route:default
steffensrouter# svcs *forward*
STATE          STIME    FMRI
disabled       Oct_07   svc:/network/ipv4-forwarding:default
disabled       Oct_07   svc:/network/ipv6-forwarding:default
steffensrouter#

> 
> Also, what services can I disable?
> 
> TIA,
> --JeffV
> 
> _______________________________________________
> crossbow-discuss mailing list
> crossbow-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss
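
A check for the per-interface `router` flag described in the reply above, as an added example that is not part of the original thread: it reads `ifconfig -a4` output and reports any interface carrying ROUTER that is not on an allow-list. The function names, the `vnic*` interface names and the sample addresses are assumptions made for illustration.

```shell
# Added example: list interfaces whose `ifconfig -a4` flags include ROUTER
# and compare them with an allow-list of interfaces meant to forward.

# Constructed sample in the output format shown above; names and addresses
# are made up. On a live system pipe `ifconfig -a4` into the functions.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnic0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.0.2.1 netmask ffffff00 broadcast 192.0.2.255
vnic0:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.0.2.2 netmask ffffff00 broadcast 192.0.2.255
vnic1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 198.51.100.1 netmask ffffff00 broadcast 198.51.100.255
vnic2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 203.0.113.1 netmask ffffff00 broadcast 203.0.113.255
EOF
}

# Print each interface carrying ROUTER once, with the trailing ":" and any
# logical-unit suffix (":1") stripped.
router_ifaces() {
    awk '/^[^ \t].*flags=/ {
        name = $1; sub(/:$/, "", name); sub(/:[0-9]+$/, "", name)
        if (match($0, /<[^>]*>/)) {
            flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            if (index(flags, ",ROUTER,")) print name
        }
    }' | sort -u
}

# $1 = space-separated allow-list. Prints forwarding interfaces that are not
# on it and returns 1 if there are any.
unexpected_routers() {
    allowed=" $1 "; rc=0
    for ifc in $(router_ifaces); do
        case "$allowed" in
            *" $ifc "*) ;;
            *) echo "$ifc"; rc=1 ;;
        esac
    done
    return $rc
}

sample_ifconfig | unexpected_routers "vnic0" ||
    echo "ROUTER flag set on an interface outside the allow-list" >&2
```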
