Think of zones as just being sets of processes or a particular subset of the
view of the system from the global zone.
Don't think of the zone as another machine - at least not yet - so far as
networking goes.
There might be some posts on opensolaris.org about using ipnat and rdr
and arp and zones to do what you want from last year or earlier.
The problem that you have is that you don't want to give the zone visibility
of the external networks - which raises a problem: how does it send its
reply packets back *out*?
I think what was done was to create a fake default route (in the zone) and
then manually add in an ARP entry...maybe an ARP entry that points to
the *real* router.
So if your server had a network interface, 10.1.1.1, with its default route
set to 10.1.1.254, but your zone is 192.168.1.1, then you create a default
route to 192.168.1.254 and then populate the ARP table with an entry that
maps 192.168.1.254 to the MAC address of 10.1.1.254 - even though
there is no 192.168.1.254 in existence.
What you're expecting, local zone to global zone data comms via an
internal network, is not there yet.
Darren
Luiz Casey wrote:
My initial thought was that using ipnat with rdr would redirect the
port to the private subnet not needing a router to go back to the
outside world. I also read a couple of posts on forums that you can use
ipfilter/ipnat as a NAT for Solaris. The first link said it had to be
on separate interfaces but the second had it on the same. Tried both
and was unsuccessful so thought of maybe someone else here being able
to do so and is currently running this setup.
http://www.rite-group.com/rich/solaris_nat.html
http://groups.google.com/group/comp.unix.solaris/msg/10950f8378d28234
-Luiz
Luiz Casey
Office: (202) 885-2692
Cell: (202) 403-1209
[EMAIL PROTECTED]
From: Darren Reed <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 05/01/2008 02:10 PM
Please respond to: [EMAIL PROTECTED]
To: Luiz Casey <[EMAIL PROTECTED]>
cc: [email protected]
Subject: Re: rdr help
Luiz Casey wrote:
>
> Hello all,
> I am trying to do something a bit complicated and was wondering if
> some of you had tried this in the past or had any tips. First off
> ipfilter has been wonderful, helpful and is a great tool. Now to the
> issue/problem I am having. We are running a couple zones on a T2000
> one zone with a world access IP address ie. 147.9.X.X. We then want to
> create a separate zone on a private subnet ie. 192.168.1.2 which
> currently does not have any world access. What I would like and am
> trying to do is take ipfilter/ipnat and use RDR to redirect 2 ports
> from Global zone to Zone B. I have tried the configuration below but
> have not been successful. Any help would be appreciated and is this
> even possible. We are running ipfilter/ipnat that came with Solaris 10.
>
I'm not sure you can do this with zones...
Your problem is that the global zone doesn't act as a router
for zones - at all.
Darren