James Carlson wrote:
> Jim Walker wrote:
>> The problem I'm seeing is other systems on the 10.10.46.0 network
>> are using 10.10.46.128 as their router.
>>
>> Is there a way to limit routing to just the internal virtual network?
>
> Can you provide more details on what the problem is?
>
> Is the problem that systems on 10.10.46.0/24 are acquiring routes
> pointing to .128 as a router (default or otherwise)? If so, then that
> implies that you want to disable routing advertisements on that
> interface, or perhaps all advertising. How do you have your routing
> protocols configured?

Systems using dhcp on the 10.10.46.0 subnet are picking
up .128 as a router.

-bash-4.0$ routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   enabled              enabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                     online   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/rdisc:default
                     online   svc:/network/routing/route:default
-bash-4.0$

> Is the problem that there are systems on the 10.10.46.0/24 network that
> have (maliciously?) set .128 as a next hop gateway for routes, and you
> don't want them to be _able_ to use this system that way? If so, then I
> think you're probably looking at configuring IP Filter to exclude the
> "unwanted" traffic.

It is happening automatically. But, we could use this if other
methods don't work.

> Is the problem that you have packets forwarding through 10.10.46.0/24 on
> this system, and that's just fine, but you don't want _certain_ remote
> destinations to be reachable through there? If so, then that might be a
> configuration issue on those other systems, or a routing protocol
> configuration problem, or perhaps yet another usage case for IP Filter.
>
> Please clarify and provide specific examples of the issues you see.

That's not the problem.

>> If I use this command "# ifconfig nge0 -router" to disable the
>> physical network the virtual router is also disabled.
>
> The "-router" option turns off IFF_ROUTER, which disables all IP
> forwarding on that interface. It's the modern equivalent of the old
> "ndd -set /dev/ip nge0:ip_forwarding 0" mechanism.

We need something a bit more specific.

Cheers,
Jim