E.S. wrote: > I mean i can ping outside interface of opensolaris: 10.10.10.3 from > another host of inside network (IP 192.168.0.43) but routing between > 10.10.10.3 and 192.68.0.2 on opensolaris is not enabled.
That's normal, and doesn't actually involve any routing of any sort, at least on your OpenSolaris system. The question I think you're really after here is "how does Solaris [or any IP system, for that matter] determine whether a received packet with a given destination address is something it should receive?" There are at least two different answers to this. If you subscribe to the "Strong ES" model of the Universe (not the default; you have to set the ip_strict_dst_multihoming ndd variable to break your system in that way), then it must match the input interface's local address. If it doesn't, then the packet is dropped. For the "Weak ES" model (the default for Solaris and most other systems and generally required for external routing to work), the address just has to match one of the local addresses configured on any interface on the system. It sounds like you're expecting "Strong ES" behavior or perhaps some variation of it. If so, I would recommend (rather than setting that ugly old flag) setting up IP Filter with the exact packet-drop policies you want. That's what packet filters are for. [The assumption I'm making here, and that I can't prove, is that 192.168.0.2 on your network is the address of a router that knows how to forward packets to 10.10.10.3.] You might get further in understanding the situation by using wireshark or snoop to trace where the packets are actually going. You're not seeing routing on the part of OpenSolaris. If the interface flags (seen with ifconfig) don't include "ROUTER", then the system isn't forwarding IP packets, regardless of what routing protocols or whatever else might be running on the system. That's the key flag to look at for system forwarding. -- James Carlson 42.703N 71.076W <carls...@workingcode.com> _______________________________________________ networking-discuss mailing list networking-discuss@opensolaris.org
